kpot | 008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
Size

1.9MB
MD5

ce5e293fa93481cd796bdc9a1c457580
SHA1

bcf49c5671627212829911c81f489e4cfbf5ddc0
SHA256

008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b
SHA512

d43fbc9b5fc5c528e69f94e2885a586a0f8ae3de57df6a83a6156f9c1b5ff938dd2a5b728d3b382ae1d4d624337fa7a89d365383b5533638a7268554e93d4f12
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SNa9:oemTLkNdfE0pZrwt

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x00090000000122d6-3.dat	family_kpot
behavioral1/files/0x000a000000014288-9.dat	family_kpot
behavioral1/files/0x000700000001444c-12.dat	family_kpot
behavioral1/files/0x00070000000144a4-25.dat	family_kpot
behavioral1/files/0x00070000000144e4-40.dat	family_kpot
behavioral1/files/0x0006000000016cbb-99.dat	family_kpot
behavioral1/files/0x000600000001705e-182.dat	family_kpot
behavioral1/files/0x00060000000171b9-191.dat	family_kpot
behavioral1/files/0x000600000001708b-187.dat	family_kpot
behavioral1/files/0x0006000000016d52-177.dat	family_kpot
behavioral1/files/0x0006000000016d4e-172.dat	family_kpot
behavioral1/files/0x0006000000016d4a-167.dat	family_kpot
behavioral1/files/0x0006000000016d43-162.dat	family_kpot
behavioral1/files/0x0006000000016d2f-158.dat	family_kpot
behavioral1/files/0x0006000000016d27-152.dat	family_kpot
behavioral1/files/0x0006000000016d1f-147.dat	family_kpot
behavioral1/files/0x0006000000016d0e-137.dat	family_kpot
behavioral1/files/0x0006000000016cfd-127.dat	family_kpot
behavioral1/files/0x0006000000016d16-142.dat	family_kpot
behavioral1/files/0x0006000000016d05-132.dat	family_kpot
behavioral1/files/0x0006000000016cf1-122.dat	family_kpot
behavioral1/files/0x0006000000016ce9-117.dat	family_kpot
behavioral1/files/0x0006000000016cda-112.dat	family_kpot
behavioral1/files/0x0006000000016cd1-106.dat	family_kpot
behavioral1/files/0x0006000000016c9c-92.dat	family_kpot
behavioral1/files/0x0006000000016c2c-76.dat	family_kpot
behavioral1/files/0x0006000000016c30-83.dat	family_kpot
behavioral1/files/0x0006000000016a58-61.dat	family_kpot
behavioral1/files/0x0006000000016c27-67.dat	family_kpot
behavioral1/files/0x00060000000169fa-51.dat	family_kpot
behavioral1/files/0x000600000001677b-43.dat	family_kpot
behavioral1/files/0x00070000000144f3-37.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2844-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00090000000122d6-3.dat	xmrig
behavioral1/memory/2912-8-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000a000000014288-9.dat	xmrig
behavioral1/memory/3008-14-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000700000001444c-12.dat	xmrig
behavioral1/files/0x00070000000144a4-25.dat	xmrig
behavioral1/files/0x00070000000144e4-40.dat	xmrig
behavioral1/memory/2576-38-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2844-53-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2844-54-0x0000000001FC0000-0x0000000002314000-memory.dmp	xmrig
behavioral1/memory/2648-55-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2584-63-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2644-70-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cbb-99.dat	xmrig
behavioral1/files/0x000600000001705e-182.dat	xmrig
behavioral1/memory/2968-975-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2576-532-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000171b9-191.dat	xmrig
behavioral1/files/0x000600000001708b-187.dat	xmrig
behavioral1/files/0x0006000000016d52-177.dat	xmrig
behavioral1/files/0x0006000000016d4e-172.dat	xmrig
behavioral1/files/0x0006000000016d4a-167.dat	xmrig
behavioral1/files/0x0006000000016d43-162.dat	xmrig
behavioral1/files/0x0006000000016d2f-158.dat	xmrig
behavioral1/files/0x0006000000016d27-152.dat	xmrig
behavioral1/files/0x0006000000016d1f-147.dat	xmrig
behavioral1/files/0x0006000000016d0e-137.dat	xmrig
behavioral1/files/0x0006000000016cfd-127.dat	xmrig
behavioral1/files/0x0006000000016d16-142.dat	xmrig
behavioral1/files/0x0006000000016d05-132.dat	xmrig
behavioral1/files/0x0006000000016cf1-122.dat	xmrig
behavioral1/files/0x0006000000016ce9-117.dat	xmrig
behavioral1/files/0x0006000000016cda-112.dat	xmrig
behavioral1/files/0x0006000000016cd1-106.dat	xmrig
behavioral1/memory/1676-102-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2736-95-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c9c-92.dat	xmrig
behavioral1/memory/2520-88-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2952-86-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2404-85-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2732-80-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/3008-78-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c2c-76.dat	xmrig
behavioral1/files/0x0006000000016c30-83.dat	xmrig
behavioral1/memory/2844-69-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2844-62-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x0006000000016a58-61.dat	xmrig
behavioral1/memory/2912-68-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c27-67.dat	xmrig
behavioral1/memory/2688-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2968-46-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x00060000000169fa-51.dat	xmrig
behavioral1/files/0x000600000001677b-43.dat	xmrig
behavioral1/memory/2952-30-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2404-21-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000144f3-37.dat	xmrig
behavioral1/memory/2844-35-0x0000000001FC0000-0x0000000002314000-memory.dmp	xmrig
behavioral1/memory/2648-1573-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2584-2240-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2844-2516-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2644-2517-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2520-2844-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2736-3130-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2912	BWoDiAm.exe
3008	HDCDlao.exe
2404	fMbuxrB.exe
2952	QWUaCRu.exe
2576	JniUqlO.exe
2968	MkfrvjH.exe
2688	DVbQycL.exe
2648	wSzjYLq.exe
2584	Vkjoxor.exe
2644	XVGMUTl.exe
2732	eFNSMLx.exe
2520	xvBvQFd.exe
2736	aKMvoBt.exe
1676	sYkCKEs.exe
2276	LiiAFrK.exe
752	IPNarWt.exe
1916	CzBABoP.exe
540	GMYYCWA.exe
1696	cXmdaLy.exe
1888	OiLtauG.exe
2140	JySbpxP.exe
1540	BWJCZIT.exe
1252	NWiIbjT.exe
632	YDvvaZa.exe
2760	ZjrbdIK.exe
3032	XsegyzX.exe
596	nnaYojm.exe
772	qOfJURD.exe
1108	ekgDyBY.exe
612	tLVBsIK.exe
1912	zKgMagd.exe
960	UvHtnlp.exe
1036	dzNBKXB.exe
2316	PNJKelq.exe
308	lkhUDRc.exe
1400	aFXPzpw.exe
1536	wgzrKVM.exe
984	igaUpwW.exe
1104	sDcKFUE.exe
1040	asHWIJX.exe
2080	usTQgPz.exe
2244	pxTzMrK.exe
916	vWOjIGd.exe
2320	mGHcDWL.exe
2164	ZKYaOrL.exe
552	vsPuZzq.exe
2180	uRjJzmy.exe
616	dPAYyOM.exe
300	MeOgIVg.exe
892	YBRmpGC.exe
768	hCnHjjW.exe
1224	fWSISpT.exe
1592	NDKWwYq.exe
1596	siwwOwY.exe
2904	OzMMmKE.exe
3000	UadREQH.exe
2908	vQeXnNI.exe
2592	ggEhMKQ.exe
2620	eNqvGyq.exe
2296	Cnmfevy.exe
2580	jqxFDQV.exe
2472	QyDYHGl.exe
1516	fERYLJT.exe
1744	ZNRKSBR.exe

Loads dropped DLL 64 IoCs

pid	Process
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2844-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00090000000122d6-3.dat	upx
behavioral1/memory/2912-8-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000a000000014288-9.dat	upx
behavioral1/memory/3008-14-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000700000001444c-12.dat	upx
behavioral1/files/0x00070000000144a4-25.dat	upx
behavioral1/files/0x00070000000144e4-40.dat	upx
behavioral1/memory/2576-38-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2844-53-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2648-55-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2584-63-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2644-70-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0006000000016cbb-99.dat	upx
behavioral1/files/0x000600000001705e-182.dat	upx
behavioral1/memory/2968-975-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2576-532-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00060000000171b9-191.dat	upx
behavioral1/files/0x000600000001708b-187.dat	upx
behavioral1/files/0x0006000000016d52-177.dat	upx
behavioral1/files/0x0006000000016d4e-172.dat	upx
behavioral1/files/0x0006000000016d4a-167.dat	upx
behavioral1/files/0x0006000000016d43-162.dat	upx
behavioral1/files/0x0006000000016d2f-158.dat	upx
behavioral1/files/0x0006000000016d27-152.dat	upx
behavioral1/files/0x0006000000016d1f-147.dat	upx
behavioral1/files/0x0006000000016d0e-137.dat	upx
behavioral1/files/0x0006000000016cfd-127.dat	upx
behavioral1/files/0x0006000000016d16-142.dat	upx
behavioral1/files/0x0006000000016d05-132.dat	upx
behavioral1/files/0x0006000000016cf1-122.dat	upx
behavioral1/files/0x0006000000016ce9-117.dat	upx
behavioral1/files/0x0006000000016cda-112.dat	upx
behavioral1/files/0x0006000000016cd1-106.dat	upx
behavioral1/memory/1676-102-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2736-95-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0006000000016c9c-92.dat	upx
behavioral1/memory/2520-88-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2952-86-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2404-85-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2732-80-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/3008-78-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0006000000016c2c-76.dat	upx
behavioral1/files/0x0006000000016c30-83.dat	upx
behavioral1/files/0x0006000000016a58-61.dat	upx
behavioral1/memory/2912-68-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0006000000016c27-67.dat	upx
behavioral1/memory/2688-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2968-46-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x00060000000169fa-51.dat	upx
behavioral1/files/0x000600000001677b-43.dat	upx
behavioral1/memory/2952-30-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2404-21-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x00070000000144f3-37.dat	upx
behavioral1/memory/2648-1573-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2584-2240-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2644-2517-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2520-2844-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2736-3130-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1676-3517-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2912-4030-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/3008-4031-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2952-4032-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2576-4033-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZkjgorR.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\xcZtfxD.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\KpZmEqj.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\TVLOxwS.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\naQiqre.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\IqIKyJG.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\mpbLKuj.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\wDnmxum.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\qUwxFhW.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\PiFealL.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\lKSvJOx.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\lWsLugM.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\IWptabU.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\zlEfbZC.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\bgDRYTI.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\HdzFPHk.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\ekgDyBY.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\bTCjoBX.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\lbHZjfZ.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\plwWqoz.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\jZHBYbJ.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\USlkFMQ.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\DfAQfUH.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\EkKDSuB.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\LicnlzI.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\ZvBonNr.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\XwJleyB.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\ZVSMlBR.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\yufkxCp.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\kgQepNS.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\BVffeGi.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\iEcBgxA.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\UvHtnlp.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\GZSxAuW.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\IfiEDac.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\MADEbGF.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\pxTzMrK.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\uydydTs.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\PNJKelq.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\INghMQj.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\dlVCQSL.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\wfMijmD.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\KBTPokQ.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\IfDVcGM.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\MCXVDhA.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\NWiIbjT.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\xJubCBV.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\bPPLjcy.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\edukuFK.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\RULBiMX.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\PFKMsFw.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\CBIXhjy.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\BEDWveq.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\cWVOJdS.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\zaAdcre.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\dcUYyvq.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\BvMnopg.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\NKEMxgQ.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\jxOLiav.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\QQYJvlL.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\xnfFVzr.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\NkJcQvv.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\wnlEUsF.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
File created	C:\Windows\System\tpXJdwU.exe	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2912	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2912	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2912	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 3008	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	30
PID 2844 wrote to memory of 3008	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	30
PID 2844 wrote to memory of 3008	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	30
PID 2844 wrote to memory of 2404	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	31
PID 2844 wrote to memory of 2404	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	31
PID 2844 wrote to memory of 2404	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	31
PID 2844 wrote to memory of 2952	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	32
PID 2844 wrote to memory of 2952	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	32
PID 2844 wrote to memory of 2952	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	32
PID 2844 wrote to memory of 2968	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	33
PID 2844 wrote to memory of 2968	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	33
PID 2844 wrote to memory of 2968	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	33
PID 2844 wrote to memory of 2576	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	34
PID 2844 wrote to memory of 2576	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	34
PID 2844 wrote to memory of 2576	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	34
PID 2844 wrote to memory of 2688	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	35
PID 2844 wrote to memory of 2688	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	35
PID 2844 wrote to memory of 2688	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	35
PID 2844 wrote to memory of 2648	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	36
PID 2844 wrote to memory of 2648	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	36
PID 2844 wrote to memory of 2648	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	36
PID 2844 wrote to memory of 2584	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	37
PID 2844 wrote to memory of 2584	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	37
PID 2844 wrote to memory of 2584	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	37
PID 2844 wrote to memory of 2644	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	38
PID 2844 wrote to memory of 2644	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	38
PID 2844 wrote to memory of 2644	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	38
PID 2844 wrote to memory of 2732	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	39
PID 2844 wrote to memory of 2732	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	39
PID 2844 wrote to memory of 2732	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	39
PID 2844 wrote to memory of 2520	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	40
PID 2844 wrote to memory of 2520	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	40
PID 2844 wrote to memory of 2520	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	40
PID 2844 wrote to memory of 2736	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	41
PID 2844 wrote to memory of 2736	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	41
PID 2844 wrote to memory of 2736	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	41
PID 2844 wrote to memory of 1676	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	42
PID 2844 wrote to memory of 1676	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	42
PID 2844 wrote to memory of 1676	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	42
PID 2844 wrote to memory of 2276	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	43
PID 2844 wrote to memory of 2276	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	43
PID 2844 wrote to memory of 2276	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	43
PID 2844 wrote to memory of 752	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	44
PID 2844 wrote to memory of 752	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	44
PID 2844 wrote to memory of 752	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	44
PID 2844 wrote to memory of 1916	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	45
PID 2844 wrote to memory of 1916	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	45
PID 2844 wrote to memory of 1916	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	45
PID 2844 wrote to memory of 540	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	46
PID 2844 wrote to memory of 540	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	46
PID 2844 wrote to memory of 540	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	46
PID 2844 wrote to memory of 1696	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	47
PID 2844 wrote to memory of 1696	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	47
PID 2844 wrote to memory of 1696	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	47
PID 2844 wrote to memory of 1888	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	48
PID 2844 wrote to memory of 1888	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	48
PID 2844 wrote to memory of 1888	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	48
PID 2844 wrote to memory of 2140	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	49
PID 2844 wrote to memory of 2140	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	49
PID 2844 wrote to memory of 2140	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	49
PID 2844 wrote to memory of 1540	2844	008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\008c5f915752f092940d3c2c66e0ad302a2e66eeab1039fdb6f6cccd833f5c5b_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\System\BWoDiAm.exe
  C:\Windows\System\BWoDiAm.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HDCDlao.exe
  C:\Windows\System\HDCDlao.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\fMbuxrB.exe
  C:\Windows\System\fMbuxrB.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\QWUaCRu.exe
  C:\Windows\System\QWUaCRu.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\MkfrvjH.exe
  C:\Windows\System\MkfrvjH.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\JniUqlO.exe
  C:\Windows\System\JniUqlO.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\DVbQycL.exe
  C:\Windows\System\DVbQycL.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\wSzjYLq.exe
  C:\Windows\System\wSzjYLq.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\Vkjoxor.exe
  C:\Windows\System\Vkjoxor.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\XVGMUTl.exe
  C:\Windows\System\XVGMUTl.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\eFNSMLx.exe
  C:\Windows\System\eFNSMLx.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\xvBvQFd.exe
  C:\Windows\System\xvBvQFd.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\aKMvoBt.exe
  C:\Windows\System\aKMvoBt.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\sYkCKEs.exe
  C:\Windows\System\sYkCKEs.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\LiiAFrK.exe
  C:\Windows\System\LiiAFrK.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\IPNarWt.exe
  C:\Windows\System\IPNarWt.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\CzBABoP.exe
  C:\Windows\System\CzBABoP.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\GMYYCWA.exe
  C:\Windows\System\GMYYCWA.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\cXmdaLy.exe
  C:\Windows\System\cXmdaLy.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\OiLtauG.exe
  C:\Windows\System\OiLtauG.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\JySbpxP.exe
  C:\Windows\System\JySbpxP.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\BWJCZIT.exe
  C:\Windows\System\BWJCZIT.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\NWiIbjT.exe
  C:\Windows\System\NWiIbjT.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\YDvvaZa.exe
  C:\Windows\System\YDvvaZa.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\ZjrbdIK.exe
  C:\Windows\System\ZjrbdIK.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\XsegyzX.exe
  C:\Windows\System\XsegyzX.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\nnaYojm.exe
  C:\Windows\System\nnaYojm.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\qOfJURD.exe
  C:\Windows\System\qOfJURD.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ekgDyBY.exe
  C:\Windows\System\ekgDyBY.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\tLVBsIK.exe
  C:\Windows\System\tLVBsIK.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\zKgMagd.exe
  C:\Windows\System\zKgMagd.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\UvHtnlp.exe
  C:\Windows\System\UvHtnlp.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\dzNBKXB.exe
  C:\Windows\System\dzNBKXB.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\PNJKelq.exe
  C:\Windows\System\PNJKelq.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\lkhUDRc.exe
  C:\Windows\System\lkhUDRc.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\aFXPzpw.exe
  C:\Windows\System\aFXPzpw.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\wgzrKVM.exe
  C:\Windows\System\wgzrKVM.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\igaUpwW.exe
  C:\Windows\System\igaUpwW.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\sDcKFUE.exe
  C:\Windows\System\sDcKFUE.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\asHWIJX.exe
  C:\Windows\System\asHWIJX.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\usTQgPz.exe
  C:\Windows\System\usTQgPz.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\pxTzMrK.exe
  C:\Windows\System\pxTzMrK.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\vWOjIGd.exe
  C:\Windows\System\vWOjIGd.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\mGHcDWL.exe
  C:\Windows\System\mGHcDWL.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ZKYaOrL.exe
  C:\Windows\System\ZKYaOrL.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\vsPuZzq.exe
  C:\Windows\System\vsPuZzq.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\uRjJzmy.exe
  C:\Windows\System\uRjJzmy.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\dPAYyOM.exe
  C:\Windows\System\dPAYyOM.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\MeOgIVg.exe
  C:\Windows\System\MeOgIVg.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\YBRmpGC.exe
  C:\Windows\System\YBRmpGC.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\hCnHjjW.exe
  C:\Windows\System\hCnHjjW.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\fWSISpT.exe
  C:\Windows\System\fWSISpT.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\NDKWwYq.exe
  C:\Windows\System\NDKWwYq.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\siwwOwY.exe
  C:\Windows\System\siwwOwY.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\OzMMmKE.exe
  C:\Windows\System\OzMMmKE.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\UadREQH.exe
  C:\Windows\System\UadREQH.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\vQeXnNI.exe
  C:\Windows\System\vQeXnNI.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ggEhMKQ.exe
  C:\Windows\System\ggEhMKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\eNqvGyq.exe
  C:\Windows\System\eNqvGyq.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\Cnmfevy.exe
  C:\Windows\System\Cnmfevy.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\jqxFDQV.exe
  C:\Windows\System\jqxFDQV.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\QyDYHGl.exe
  C:\Windows\System\QyDYHGl.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\fERYLJT.exe
  C:\Windows\System\fERYLJT.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ZNRKSBR.exe
  C:\Windows\System\ZNRKSBR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\JSmUQjT.exe
  C:\Windows\System\JSmUQjT.exe
  2⤵
  PID:1648
- C:\Windows\System\gxMgpwp.exe
  C:\Windows\System\gxMgpwp.exe
  2⤵
  PID:2168
- C:\Windows\System\odTVNjw.exe
  C:\Windows\System\odTVNjw.exe
  2⤵
  PID:2128
- C:\Windows\System\PXOENJL.exe
  C:\Windows\System\PXOENJL.exe
  2⤵
  PID:1052
- C:\Windows\System\YfTTCKc.exe
  C:\Windows\System\YfTTCKc.exe
  2⤵
  PID:2456
- C:\Windows\System\wnlEUsF.exe
  C:\Windows\System\wnlEUsF.exe
  2⤵
  PID:2888
- C:\Windows\System\HSzTnxw.exe
  C:\Windows\System\HSzTnxw.exe
  2⤵
  PID:572
- C:\Windows\System\ztZufIj.exe
  C:\Windows\System\ztZufIj.exe
  2⤵
  PID:996
- C:\Windows\System\PQTRoRk.exe
  C:\Windows\System\PQTRoRk.exe
  2⤵
  PID:2892
- C:\Windows\System\Rnonync.exe
  C:\Windows\System\Rnonync.exe
  2⤵
  PID:1736
- C:\Windows\System\vIWjEEA.exe
  C:\Windows\System\vIWjEEA.exe
  2⤵
  PID:1384
- C:\Windows\System\rLlJbvv.exe
  C:\Windows\System\rLlJbvv.exe
  2⤵
  PID:2376
- C:\Windows\System\FLAHNZB.exe
  C:\Windows\System\FLAHNZB.exe
  2⤵
  PID:1316
- C:\Windows\System\wLrdZAu.exe
  C:\Windows\System\wLrdZAu.exe
  2⤵
  PID:1968
- C:\Windows\System\GZRmoEg.exe
  C:\Windows\System\GZRmoEg.exe
  2⤵
  PID:1812
- C:\Windows\System\AqZkvaf.exe
  C:\Windows\System\AqZkvaf.exe
  2⤵
  PID:548
- C:\Windows\System\cWVOJdS.exe
  C:\Windows\System\cWVOJdS.exe
  2⤵
  PID:2248
- C:\Windows\System\JhXxMsP.exe
  C:\Windows\System\JhXxMsP.exe
  2⤵
  PID:2196
- C:\Windows\System\NIGDvFZ.exe
  C:\Windows\System\NIGDvFZ.exe
  2⤵
  PID:1752
- C:\Windows\System\BVffeGi.exe
  C:\Windows\System\BVffeGi.exe
  2⤵
  PID:2032
- C:\Windows\System\jnXCdcd.exe
  C:\Windows\System\jnXCdcd.exe
  2⤵
  PID:2096
- C:\Windows\System\yOpMZQj.exe
  C:\Windows\System\yOpMZQj.exe
  2⤵
  PID:2424
- C:\Windows\System\QYEKSfn.exe
  C:\Windows\System\QYEKSfn.exe
  2⤵
  PID:2036
- C:\Windows\System\hkKGjmc.exe
  C:\Windows\System\hkKGjmc.exe
  2⤵
  PID:1704
- C:\Windows\System\BXELYVN.exe
  C:\Windows\System\BXELYVN.exe
  2⤵
  PID:2944
- C:\Windows\System\IdZpzIp.exe
  C:\Windows\System\IdZpzIp.exe
  2⤵
  PID:2976
- C:\Windows\System\fOOzfSH.exe
  C:\Windows\System\fOOzfSH.exe
  2⤵
  PID:2780
- C:\Windows\System\HDpPGTH.exe
  C:\Windows\System\HDpPGTH.exe
  2⤵
  PID:2544
- C:\Windows\System\LDdYOyB.exe
  C:\Windows\System\LDdYOyB.exe
  2⤵
  PID:1156
- C:\Windows\System\XnrMijK.exe
  C:\Windows\System\XnrMijK.exe
  2⤵
  PID:1184
- C:\Windows\System\ogYccLt.exe
  C:\Windows\System\ogYccLt.exe
  2⤵
  PID:1656
- C:\Windows\System\ZXPWUxQ.exe
  C:\Windows\System\ZXPWUxQ.exe
  2⤵
  PID:2152
- C:\Windows\System\aMTXykD.exe
  C:\Windows\System\aMTXykD.exe
  2⤵
  PID:1624
- C:\Windows\System\RCstZyx.exe
  C:\Windows\System\RCstZyx.exe
  2⤵
  PID:1304
- C:\Windows\System\szpCWlR.exe
  C:\Windows\System\szpCWlR.exe
  2⤵
  PID:2448
- C:\Windows\System\CkQrdPy.exe
  C:\Windows\System\CkQrdPy.exe
  2⤵
  PID:3084
- C:\Windows\System\UoukaRh.exe
  C:\Windows\System\UoukaRh.exe
  2⤵
  PID:3108
- C:\Windows\System\vqZaURJ.exe
  C:\Windows\System\vqZaURJ.exe
  2⤵
  PID:3124
- C:\Windows\System\indZYBn.exe
  C:\Windows\System\indZYBn.exe
  2⤵
  PID:3148
- C:\Windows\System\bNRvdkZ.exe
  C:\Windows\System\bNRvdkZ.exe
  2⤵
  PID:3168
- C:\Windows\System\mLEFrCS.exe
  C:\Windows\System\mLEFrCS.exe
  2⤵
  PID:3188
- C:\Windows\System\nLbfaos.exe
  C:\Windows\System\nLbfaos.exe
  2⤵
  PID:3204
- C:\Windows\System\zOeRghS.exe
  C:\Windows\System\zOeRghS.exe
  2⤵
  PID:3228
- C:\Windows\System\PiFealL.exe
  C:\Windows\System\PiFealL.exe
  2⤵
  PID:3248
- C:\Windows\System\FpctOuQ.exe
  C:\Windows\System\FpctOuQ.exe
  2⤵
  PID:3272
- C:\Windows\System\SnAmXja.exe
  C:\Windows\System\SnAmXja.exe
  2⤵
  PID:3292
- C:\Windows\System\OdOhRWl.exe
  C:\Windows\System\OdOhRWl.exe
  2⤵
  PID:3312
- C:\Windows\System\BXTzuXB.exe
  C:\Windows\System\BXTzuXB.exe
  2⤵
  PID:3328
- C:\Windows\System\ObVsJdb.exe
  C:\Windows\System\ObVsJdb.exe
  2⤵
  PID:3352
- C:\Windows\System\oMYymPm.exe
  C:\Windows\System\oMYymPm.exe
  2⤵
  PID:3372
- C:\Windows\System\YlzgHNe.exe
  C:\Windows\System\YlzgHNe.exe
  2⤵
  PID:3392
- C:\Windows\System\qmWEQcr.exe
  C:\Windows\System\qmWEQcr.exe
  2⤵
  PID:3412
- C:\Windows\System\OFVrNFf.exe
  C:\Windows\System\OFVrNFf.exe
  2⤵
  PID:3432
- C:\Windows\System\WIUEvHM.exe
  C:\Windows\System\WIUEvHM.exe
  2⤵
  PID:3452
- C:\Windows\System\rkoGhWK.exe
  C:\Windows\System\rkoGhWK.exe
  2⤵
  PID:3472
- C:\Windows\System\PqEnkUW.exe
  C:\Windows\System\PqEnkUW.exe
  2⤵
  PID:3492
- C:\Windows\System\qMRTJOh.exe
  C:\Windows\System\qMRTJOh.exe
  2⤵
  PID:3512
- C:\Windows\System\xJubCBV.exe
  C:\Windows\System\xJubCBV.exe
  2⤵
  PID:3528
- C:\Windows\System\lkfzObS.exe
  C:\Windows\System\lkfzObS.exe
  2⤵
  PID:3552
- C:\Windows\System\KfKUINo.exe
  C:\Windows\System\KfKUINo.exe
  2⤵
  PID:3568
- C:\Windows\System\FArlZQM.exe
  C:\Windows\System\FArlZQM.exe
  2⤵
  PID:3592
- C:\Windows\System\mJVfoBD.exe
  C:\Windows\System\mJVfoBD.exe
  2⤵
  PID:3608
- C:\Windows\System\RggWejf.exe
  C:\Windows\System\RggWejf.exe
  2⤵
  PID:3632
- C:\Windows\System\mCwBsfi.exe
  C:\Windows\System\mCwBsfi.exe
  2⤵
  PID:3648
- C:\Windows\System\rtwsJXe.exe
  C:\Windows\System\rtwsJXe.exe
  2⤵
  PID:3668
- C:\Windows\System\IVnjaAJ.exe
  C:\Windows\System\IVnjaAJ.exe
  2⤵
  PID:3684
- C:\Windows\System\FakrnGm.exe
  C:\Windows\System\FakrnGm.exe
  2⤵
  PID:3712
- C:\Windows\System\kHySRzA.exe
  C:\Windows\System\kHySRzA.exe
  2⤵
  PID:3732
- C:\Windows\System\kwYwDYk.exe
  C:\Windows\System\kwYwDYk.exe
  2⤵
  PID:3748
- C:\Windows\System\lPsIpfV.exe
  C:\Windows\System\lPsIpfV.exe
  2⤵
  PID:3768
- C:\Windows\System\duqTqWa.exe
  C:\Windows\System\duqTqWa.exe
  2⤵
  PID:3788
- C:\Windows\System\isfubjq.exe
  C:\Windows\System\isfubjq.exe
  2⤵
  PID:3812
- C:\Windows\System\aDtaIQR.exe
  C:\Windows\System\aDtaIQR.exe
  2⤵
  PID:3832
- C:\Windows\System\vBeYJFe.exe
  C:\Windows\System\vBeYJFe.exe
  2⤵
  PID:3848
- C:\Windows\System\zQkWhlE.exe
  C:\Windows\System\zQkWhlE.exe
  2⤵
  PID:3864
- C:\Windows\System\DHgMpzi.exe
  C:\Windows\System\DHgMpzi.exe
  2⤵
  PID:3888
- C:\Windows\System\nFhisbH.exe
  C:\Windows\System\nFhisbH.exe
  2⤵
  PID:3908
- C:\Windows\System\yOOpXdE.exe
  C:\Windows\System\yOOpXdE.exe
  2⤵
  PID:3932
- C:\Windows\System\bSvIUHD.exe
  C:\Windows\System\bSvIUHD.exe
  2⤵
  PID:3952
- C:\Windows\System\AaCMAxA.exe
  C:\Windows\System\AaCMAxA.exe
  2⤵
  PID:3972
- C:\Windows\System\HZLVlTC.exe
  C:\Windows\System\HZLVlTC.exe
  2⤵
  PID:3992
- C:\Windows\System\GXXszVE.exe
  C:\Windows\System\GXXszVE.exe
  2⤵
  PID:4020
- C:\Windows\System\eGCXFPy.exe
  C:\Windows\System\eGCXFPy.exe
  2⤵
  PID:4036
- C:\Windows\System\ewbltoH.exe
  C:\Windows\System\ewbltoH.exe
  2⤵
  PID:4056
- C:\Windows\System\gVYsbKW.exe
  C:\Windows\System\gVYsbKW.exe
  2⤵
  PID:4080
- C:\Windows\System\BGxKcCY.exe
  C:\Windows\System\BGxKcCY.exe
  2⤵
  PID:316
- C:\Windows\System\oxMRhgP.exe
  C:\Windows\System\oxMRhgP.exe
  2⤵
  PID:2208
- C:\Windows\System\OKerhmB.exe
  C:\Windows\System\OKerhmB.exe
  2⤵
  PID:2092
- C:\Windows\System\CfQvaId.exe
  C:\Windows\System\CfQvaId.exe
  2⤵
  PID:800
- C:\Windows\System\RqyvZRd.exe
  C:\Windows\System\RqyvZRd.exe
  2⤵
  PID:920
- C:\Windows\System\SJqzURP.exe
  C:\Windows\System\SJqzURP.exe
  2⤵
  PID:708
- C:\Windows\System\xDWkoyH.exe
  C:\Windows\System\xDWkoyH.exe
  2⤵
  PID:2264
- C:\Windows\System\rbTjohR.exe
  C:\Windows\System\rbTjohR.exe
  2⤵
  PID:2260
- C:\Windows\System\vqvuTcG.exe
  C:\Windows\System\vqvuTcG.exe
  2⤵
  PID:1892
- C:\Windows\System\WeXFVwl.exe
  C:\Windows\System\WeXFVwl.exe
  2⤵
  PID:3052
- C:\Windows\System\yplSDTF.exe
  C:\Windows\System\yplSDTF.exe
  2⤵
  PID:2740
- C:\Windows\System\NlwaVPd.exe
  C:\Windows\System\NlwaVPd.exe
  2⤵
  PID:2468
- C:\Windows\System\zALHAiG.exe
  C:\Windows\System\zALHAiG.exe
  2⤵
  PID:2136
- C:\Windows\System\nPzTSXw.exe
  C:\Windows\System\nPzTSXw.exe
  2⤵
  PID:2112
- C:\Windows\System\ImgXSPn.exe
  C:\Windows\System\ImgXSPn.exe
  2⤵
  PID:1880
- C:\Windows\System\YJNPshs.exe
  C:\Windows\System\YJNPshs.exe
  2⤵
  PID:1908
- C:\Windows\System\BfjQsyZ.exe
  C:\Windows\System\BfjQsyZ.exe
  2⤵
  PID:3096
- C:\Windows\System\zqmdsHM.exe
  C:\Windows\System\zqmdsHM.exe
  2⤵
  PID:3140
- C:\Windows\System\rHbDMby.exe
  C:\Windows\System\rHbDMby.exe
  2⤵
  PID:3180
- C:\Windows\System\IqIKyJG.exe
  C:\Windows\System\IqIKyJG.exe
  2⤵
  PID:3212
- C:\Windows\System\JmLVakt.exe
  C:\Windows\System\JmLVakt.exe
  2⤵
  PID:3256
- C:\Windows\System\XTCxXHG.exe
  C:\Windows\System\XTCxXHG.exe
  2⤵
  PID:3244
- C:\Windows\System\CRmxglr.exe
  C:\Windows\System\CRmxglr.exe
  2⤵
  PID:3308
- C:\Windows\System\BOJKwsT.exe
  C:\Windows\System\BOJKwsT.exe
  2⤵
  PID:3348
- C:\Windows\System\LgACJRr.exe
  C:\Windows\System\LgACJRr.exe
  2⤵
  PID:3388
- C:\Windows\System\ccDOuzs.exe
  C:\Windows\System\ccDOuzs.exe
  2⤵
  PID:3368
- C:\Windows\System\UnXUZoJ.exe
  C:\Windows\System\UnXUZoJ.exe
  2⤵
  PID:3428
- C:\Windows\System\mEuwTGj.exe
  C:\Windows\System\mEuwTGj.exe
  2⤵
  PID:3464
- C:\Windows\System\UppUAUt.exe
  C:\Windows\System\UppUAUt.exe
  2⤵
  PID:3504
- C:\Windows\System\yqTnAah.exe
  C:\Windows\System\yqTnAah.exe
  2⤵
  PID:3488
- C:\Windows\System\USlkFMQ.exe
  C:\Windows\System\USlkFMQ.exe
  2⤵
  PID:3520
- C:\Windows\System\XPklkUr.exe
  C:\Windows\System\XPklkUr.exe
  2⤵
  PID:3616
- C:\Windows\System\GdbwcTK.exe
  C:\Windows\System\GdbwcTK.exe
  2⤵
  PID:3656
- C:\Windows\System\GlFZvTI.exe
  C:\Windows\System\GlFZvTI.exe
  2⤵
  PID:3564
- C:\Windows\System\FiIbBMV.exe
  C:\Windows\System\FiIbBMV.exe
  2⤵
  PID:3700
- C:\Windows\System\OvyPPto.exe
  C:\Windows\System\OvyPPto.exe
  2⤵
  PID:3740
- C:\Windows\System\pYBWtbh.exe
  C:\Windows\System\pYBWtbh.exe
  2⤵
  PID:3720
- C:\Windows\System\UMaIoHV.exe
  C:\Windows\System\UMaIoHV.exe
  2⤵
  PID:3820
- C:\Windows\System\bLYuFtb.exe
  C:\Windows\System\bLYuFtb.exe
  2⤵
  PID:3756
- C:\Windows\System\LjZHOkB.exe
  C:\Windows\System\LjZHOkB.exe
  2⤵
  PID:3844
- C:\Windows\System\ZsfaJid.exe
  C:\Windows\System\ZsfaJid.exe
  2⤵
  PID:3940
- C:\Windows\System\QLKNVSM.exe
  C:\Windows\System\QLKNVSM.exe
  2⤵
  PID:3980
- C:\Windows\System\KcMNvrL.exe
  C:\Windows\System\KcMNvrL.exe
  2⤵
  PID:3984
- C:\Windows\System\PjcAuoZ.exe
  C:\Windows\System\PjcAuoZ.exe
  2⤵
  PID:3968
- C:\Windows\System\rlTMcoU.exe
  C:\Windows\System\rlTMcoU.exe
  2⤵
  PID:4004
- C:\Windows\System\ixlTDQz.exe
  C:\Windows\System\ixlTDQz.exe
  2⤵
  PID:4076
- C:\Windows\System\jbRMEhn.exe
  C:\Windows\System\jbRMEhn.exe
  2⤵
  PID:4052
- C:\Windows\System\kGFsRZX.exe
  C:\Windows\System\kGFsRZX.exe
  2⤵
  PID:912
- C:\Windows\System\syZhLDu.exe
  C:\Windows\System\syZhLDu.exe
  2⤵
  PID:3044
- C:\Windows\System\YdcfdJB.exe
  C:\Windows\System\YdcfdJB.exe
  2⤵
  PID:1028
- C:\Windows\System\QBmZcNl.exe
  C:\Windows\System\QBmZcNl.exe
  2⤵
  PID:2124
- C:\Windows\System\vUvUuMU.exe
  C:\Windows\System\vUvUuMU.exe
  2⤵
  PID:2312
- C:\Windows\System\YlNPBzq.exe
  C:\Windows\System\YlNPBzq.exe
  2⤵
  PID:1388
- C:\Windows\System\XhvDcsA.exe
  C:\Windows\System\XhvDcsA.exe
  2⤵
  PID:2692
- C:\Windows\System\hpumTAs.exe
  C:\Windows\System\hpumTAs.exe
  2⤵
  PID:2220
- C:\Windows\System\BQSWdpE.exe
  C:\Windows\System\BQSWdpE.exe
  2⤵
  PID:1476
- C:\Windows\System\xnfFVzr.exe
  C:\Windows\System\xnfFVzr.exe
  2⤵
  PID:1484
- C:\Windows\System\CDMbHSD.exe
  C:\Windows\System\CDMbHSD.exe
  2⤵
  PID:3092
- C:\Windows\System\frouLPb.exe
  C:\Windows\System\frouLPb.exe
  2⤵
  PID:3264
- C:\Windows\System\UrrnAvK.exe
  C:\Windows\System\UrrnAvK.exe
  2⤵
  PID:3176
- C:\Windows\System\AyUiQZV.exe
  C:\Windows\System\AyUiQZV.exe
  2⤵
  PID:3300
- C:\Windows\System\mprRVce.exe
  C:\Windows\System\mprRVce.exe
  2⤵
  PID:3324
- C:\Windows\System\MFsvwbg.exe
  C:\Windows\System\MFsvwbg.exe
  2⤵
  PID:3408
- C:\Windows\System\skhTbjh.exe
  C:\Windows\System\skhTbjh.exe
  2⤵
  PID:3480
- C:\Windows\System\dZOgfYu.exe
  C:\Windows\System\dZOgfYu.exe
  2⤵
  PID:3576
- C:\Windows\System\BYDQbGj.exe
  C:\Windows\System\BYDQbGj.exe
  2⤵
  PID:3508
- C:\Windows\System\CViSCph.exe
  C:\Windows\System\CViSCph.exe
  2⤵
  PID:3644
- C:\Windows\System\KyXLIrZ.exe
  C:\Windows\System\KyXLIrZ.exe
  2⤵
  PID:3624
- C:\Windows\System\pdvkVIM.exe
  C:\Windows\System\pdvkVIM.exe
  2⤵
  PID:3776
- C:\Windows\System\suKSKKt.exe
  C:\Windows\System\suKSKKt.exe
  2⤵
  PID:3760
- C:\Windows\System\tbuJJmo.exe
  C:\Windows\System\tbuJJmo.exe
  2⤵
  PID:3872
- C:\Windows\System\WdhcPkz.exe
  C:\Windows\System\WdhcPkz.exe
  2⤵
  PID:3800
- C:\Windows\System\JUqdMtj.exe
  C:\Windows\System\JUqdMtj.exe
  2⤵
  PID:2696
- C:\Windows\System\aCtZauq.exe
  C:\Windows\System\aCtZauq.exe
  2⤵
  PID:3884
- C:\Windows\System\aznzoJR.exe
  C:\Windows\System\aznzoJR.exe
  2⤵
  PID:1468
- C:\Windows\System\ZkjgorR.exe
  C:\Windows\System\ZkjgorR.exe
  2⤵
  PID:2020
- C:\Windows\System\ovDrmBO.exe
  C:\Windows\System\ovDrmBO.exe
  2⤵
  PID:1616
- C:\Windows\System\xpFOBNq.exe
  C:\Windows\System\xpFOBNq.exe
  2⤵
  PID:2304
- C:\Windows\System\bPPLjcy.exe
  C:\Windows\System\bPPLjcy.exe
  2⤵
  PID:1768
- C:\Windows\System\sPVwnsG.exe
  C:\Windows\System\sPVwnsG.exe
  2⤵
  PID:864
- C:\Windows\System\cbzWWxC.exe
  C:\Windows\System\cbzWWxC.exe
  2⤵
  PID:2988
- C:\Windows\System\phcNrzI.exe
  C:\Windows\System\phcNrzI.exe
  2⤵
  PID:2720
- C:\Windows\System\HXbxcdy.exe
  C:\Windows\System\HXbxcdy.exe
  2⤵
  PID:3116
- C:\Windows\System\gvmLtir.exe
  C:\Windows\System\gvmLtir.exe
  2⤵
  PID:3280
- C:\Windows\System\uGUdTLF.exe
  C:\Windows\System\uGUdTLF.exe
  2⤵
  PID:4104
- C:\Windows\System\GInUaYh.exe
  C:\Windows\System\GInUaYh.exe
  2⤵
  PID:4124
- C:\Windows\System\fzhTiLF.exe
  C:\Windows\System\fzhTiLF.exe
  2⤵
  PID:4144
- C:\Windows\System\pPPeQqt.exe
  C:\Windows\System\pPPeQqt.exe
  2⤵
  PID:4164
- C:\Windows\System\RhXeeEg.exe
  C:\Windows\System\RhXeeEg.exe
  2⤵
  PID:4184
- C:\Windows\System\zOLmPxo.exe
  C:\Windows\System\zOLmPxo.exe
  2⤵
  PID:4204
- C:\Windows\System\kBTQNfX.exe
  C:\Windows\System\kBTQNfX.exe
  2⤵
  PID:4220
- C:\Windows\System\kjatTwv.exe
  C:\Windows\System\kjatTwv.exe
  2⤵
  PID:4248
- C:\Windows\System\XuChAYL.exe
  C:\Windows\System\XuChAYL.exe
  2⤵
  PID:4264
- C:\Windows\System\dcUYyvq.exe
  C:\Windows\System\dcUYyvq.exe
  2⤵
  PID:4288
- C:\Windows\System\edukuFK.exe
  C:\Windows\System\edukuFK.exe
  2⤵
  PID:4308
- C:\Windows\System\bCouNDV.exe
  C:\Windows\System\bCouNDV.exe
  2⤵
  PID:4328
- C:\Windows\System\DZQgphI.exe
  C:\Windows\System\DZQgphI.exe
  2⤵
  PID:4348
- C:\Windows\System\iEugpSX.exe
  C:\Windows\System\iEugpSX.exe
  2⤵
  PID:4368
- C:\Windows\System\zQoBwXu.exe
  C:\Windows\System\zQoBwXu.exe
  2⤵
  PID:4384
- C:\Windows\System\stuEolO.exe
  C:\Windows\System\stuEolO.exe
  2⤵
  PID:4408
- C:\Windows\System\FDQQOIf.exe
  C:\Windows\System\FDQQOIf.exe
  2⤵
  PID:4424
- C:\Windows\System\apIUzCi.exe
  C:\Windows\System\apIUzCi.exe
  2⤵
  PID:4444
- C:\Windows\System\OGAbyOf.exe
  C:\Windows\System\OGAbyOf.exe
  2⤵
  PID:4464
- C:\Windows\System\ZiEnYal.exe
  C:\Windows\System\ZiEnYal.exe
  2⤵
  PID:4484
- C:\Windows\System\xGPdawc.exe
  C:\Windows\System\xGPdawc.exe
  2⤵
  PID:4504
- C:\Windows\System\pMbfMTx.exe
  C:\Windows\System\pMbfMTx.exe
  2⤵
  PID:4528
- C:\Windows\System\GzcQlWG.exe
  C:\Windows\System\GzcQlWG.exe
  2⤵
  PID:4548
- C:\Windows\System\wsOhzOA.exe
  C:\Windows\System\wsOhzOA.exe
  2⤵
  PID:4568
- C:\Windows\System\ynjnBPd.exe
  C:\Windows\System\ynjnBPd.exe
  2⤵
  PID:4584
- C:\Windows\System\CpwUcpu.exe
  C:\Windows\System\CpwUcpu.exe
  2⤵
  PID:4608
- C:\Windows\System\XlbHWFZ.exe
  C:\Windows\System\XlbHWFZ.exe
  2⤵
  PID:4628
- C:\Windows\System\TMvPdSk.exe
  C:\Windows\System\TMvPdSk.exe
  2⤵
  PID:4648
- C:\Windows\System\xcZtfxD.exe
  C:\Windows\System\xcZtfxD.exe
  2⤵
  PID:4664
- C:\Windows\System\BvMnopg.exe
  C:\Windows\System\BvMnopg.exe
  2⤵
  PID:4684
- C:\Windows\System\yrSyYXB.exe
  C:\Windows\System\yrSyYXB.exe
  2⤵
  PID:4704
- C:\Windows\System\CBONdGP.exe
  C:\Windows\System\CBONdGP.exe
  2⤵
  PID:4728
- C:\Windows\System\NFRAfEN.exe
  C:\Windows\System\NFRAfEN.exe
  2⤵
  PID:4744
- C:\Windows\System\iAurBHi.exe
  C:\Windows\System\iAurBHi.exe
  2⤵
  PID:4768
- C:\Windows\System\wfGtBag.exe
  C:\Windows\System\wfGtBag.exe
  2⤵
  PID:4788
- C:\Windows\System\WooZMGX.exe
  C:\Windows\System\WooZMGX.exe
  2⤵
  PID:4808
- C:\Windows\System\WYjxSSG.exe
  C:\Windows\System\WYjxSSG.exe
  2⤵
  PID:4824
- C:\Windows\System\CyfNhfU.exe
  C:\Windows\System\CyfNhfU.exe
  2⤵
  PID:4848
- C:\Windows\System\uenOcYZ.exe
  C:\Windows\System\uenOcYZ.exe
  2⤵
  PID:4868
- C:\Windows\System\DkHqqHf.exe
  C:\Windows\System\DkHqqHf.exe
  2⤵
  PID:4888
- C:\Windows\System\dmZVXtc.exe
  C:\Windows\System\dmZVXtc.exe
  2⤵
  PID:4908
- C:\Windows\System\uRwxHcp.exe
  C:\Windows\System\uRwxHcp.exe
  2⤵
  PID:4928
- C:\Windows\System\ctdRiny.exe
  C:\Windows\System\ctdRiny.exe
  2⤵
  PID:4944
- C:\Windows\System\UoYdBvr.exe
  C:\Windows\System\UoYdBvr.exe
  2⤵
  PID:4968
- C:\Windows\System\rCznOYI.exe
  C:\Windows\System\rCznOYI.exe
  2⤵
  PID:4988
- C:\Windows\System\ontqJxt.exe
  C:\Windows\System\ontqJxt.exe
  2⤵
  PID:5008
- C:\Windows\System\mFHAnkj.exe
  C:\Windows\System\mFHAnkj.exe
  2⤵
  PID:5028
- C:\Windows\System\nnIcNTC.exe
  C:\Windows\System\nnIcNTC.exe
  2⤵
  PID:5048
- C:\Windows\System\lNwOznG.exe
  C:\Windows\System\lNwOznG.exe
  2⤵
  PID:5068
- C:\Windows\System\XbwDuPO.exe
  C:\Windows\System\XbwDuPO.exe
  2⤵
  PID:5088
- C:\Windows\System\LxgPVPi.exe
  C:\Windows\System\LxgPVPi.exe
  2⤵
  PID:5108
- C:\Windows\System\CjULQac.exe
  C:\Windows\System\CjULQac.exe
  2⤵
  PID:3460
- C:\Windows\System\whfQYAp.exe
  C:\Windows\System\whfQYAp.exe
  2⤵
  PID:3584
- C:\Windows\System\IKEKvNM.exe
  C:\Windows\System\IKEKvNM.exe
  2⤵
  PID:3360
- C:\Windows\System\OfZfyqL.exe
  C:\Windows\System\OfZfyqL.exe
  2⤵
  PID:2384
- C:\Windows\System\fjdDrXN.exe
  C:\Windows\System\fjdDrXN.exe
  2⤵
  PID:3784
- C:\Windows\System\JcbupQh.exe
  C:\Windows\System\JcbupQh.exe
  2⤵
  PID:2940
- C:\Windows\System\bPvnJZG.exe
  C:\Windows\System\bPvnJZG.exe
  2⤵
  PID:3944
- C:\Windows\System\MPkHvOx.exe
  C:\Windows\System\MPkHvOx.exe
  2⤵
  PID:3900
- C:\Windows\System\ridXwWK.exe
  C:\Windows\System\ridXwWK.exe
  2⤵
  PID:2812
- C:\Windows\System\unuBJVA.exe
  C:\Windows\System\unuBJVA.exe
  2⤵
  PID:4032
- C:\Windows\System\ULKpGbC.exe
  C:\Windows\System\ULKpGbC.exe
  2⤵
  PID:3068
- C:\Windows\System\PHXEqio.exe
  C:\Windows\System\PHXEqio.exe
  2⤵
  PID:3144
- C:\Windows\System\dUjtnEI.exe
  C:\Windows\System\dUjtnEI.exe
  2⤵
  PID:2600
- C:\Windows\System\jnaLihb.exe
  C:\Windows\System\jnaLihb.exe
  2⤵
  PID:3076
- C:\Windows\System\aMIYUdr.exe
  C:\Windows\System\aMIYUdr.exe
  2⤵
  PID:4152
- C:\Windows\System\FQOmwpP.exe
  C:\Windows\System\FQOmwpP.exe
  2⤵
  PID:4192
- C:\Windows\System\ECREZvZ.exe
  C:\Windows\System\ECREZvZ.exe
  2⤵
  PID:4136
- C:\Windows\System\VKkqwMR.exe
  C:\Windows\System\VKkqwMR.exe
  2⤵
  PID:4228
- C:\Windows\System\IvZHPgB.exe
  C:\Windows\System\IvZHPgB.exe
  2⤵
  PID:4216
- C:\Windows\System\LYHRCyM.exe
  C:\Windows\System\LYHRCyM.exe
  2⤵
  PID:4284
- C:\Windows\System\nqtdorQ.exe
  C:\Windows\System\nqtdorQ.exe
  2⤵
  PID:4320
- C:\Windows\System\alXohjP.exe
  C:\Windows\System\alXohjP.exe
  2⤵
  PID:4356
- C:\Windows\System\yTKAnqK.exe
  C:\Windows\System\yTKAnqK.exe
  2⤵
  PID:4340
- C:\Windows\System\julJKkI.exe
  C:\Windows\System\julJKkI.exe
  2⤵
  PID:4376
- C:\Windows\System\vrlpTlT.exe
  C:\Windows\System\vrlpTlT.exe
  2⤵
  PID:4440
- C:\Windows\System\mATIVbm.exe
  C:\Windows\System\mATIVbm.exe
  2⤵
  PID:4476
- C:\Windows\System\saZLDOP.exe
  C:\Windows\System\saZLDOP.exe
  2⤵
  PID:4496
- C:\Windows\System\VfphcVO.exe
  C:\Windows\System\VfphcVO.exe
  2⤵
  PID:4492
- C:\Windows\System\YjhgZaO.exe
  C:\Windows\System\YjhgZaO.exe
  2⤵
  PID:4540
- C:\Windows\System\BIAbEgY.exe
  C:\Windows\System\BIAbEgY.exe
  2⤵
  PID:4600
- C:\Windows\System\NMQmTYC.exe
  C:\Windows\System\NMQmTYC.exe
  2⤵
  PID:4644
- C:\Windows\System\qcjxjzD.exe
  C:\Windows\System\qcjxjzD.exe
  2⤵
  PID:4616
- C:\Windows\System\CDXJYXn.exe
  C:\Windows\System\CDXJYXn.exe
  2⤵
  PID:4712
- C:\Windows\System\TPqUCsU.exe
  C:\Windows\System\TPqUCsU.exe
  2⤵
  PID:4700
- C:\Windows\System\TGeOyIf.exe
  C:\Windows\System\TGeOyIf.exe
  2⤵
  PID:4736
- C:\Windows\System\ejdVkVQ.exe
  C:\Windows\System\ejdVkVQ.exe
  2⤵
  PID:4760
- C:\Windows\System\rxgWAyd.exe
  C:\Windows\System\rxgWAyd.exe
  2⤵
  PID:4840
- C:\Windows\System\ZmsknYd.exe
  C:\Windows\System\ZmsknYd.exe
  2⤵
  PID:4784
- C:\Windows\System\ZbTEjhT.exe
  C:\Windows\System\ZbTEjhT.exe
  2⤵
  PID:4884
- C:\Windows\System\xXsptVp.exe
  C:\Windows\System\xXsptVp.exe
  2⤵
  PID:4920
- C:\Windows\System\GQuLflE.exe
  C:\Windows\System\GQuLflE.exe
  2⤵
  PID:4956
- C:\Windows\System\zNzRQLg.exe
  C:\Windows\System\zNzRQLg.exe
  2⤵
  PID:5004
- C:\Windows\System\LEXnriT.exe
  C:\Windows\System\LEXnriT.exe
  2⤵
  PID:5040
- C:\Windows\System\faORocB.exe
  C:\Windows\System\faORocB.exe
  2⤵
  PID:5080
- C:\Windows\System\KxRKvQW.exe
  C:\Windows\System\KxRKvQW.exe
  2⤵
  PID:5116
- C:\Windows\System\enZPXsn.exe
  C:\Windows\System\enZPXsn.exe
  2⤵
  PID:5020
- C:\Windows\System\ZvBonNr.exe
  C:\Windows\System\ZvBonNr.exe
  2⤵
  PID:3704
- C:\Windows\System\lkNzLtQ.exe
  C:\Windows\System\lkNzLtQ.exe
  2⤵
  PID:3840
- C:\Windows\System\rhDqQHl.exe
  C:\Windows\System\rhDqQHl.exe
  2⤵
  PID:5100
- C:\Windows\System\NfWRnbe.exe
  C:\Windows\System\NfWRnbe.exe
  2⤵
  PID:3344
- C:\Windows\System\AZlwcBN.exe
  C:\Windows\System\AZlwcBN.exe
  2⤵
  PID:3484
- C:\Windows\System\VlOQHlV.exe
  C:\Windows\System\VlOQHlV.exe
  2⤵
  PID:2896
- C:\Windows\System\XYVoQxs.exe
  C:\Windows\System\XYVoQxs.exe
  2⤵
  PID:2672
- C:\Windows\System\SHbLbLR.exe
  C:\Windows\System\SHbLbLR.exe
  2⤵
  PID:1472
- C:\Windows\System\irKcGrW.exe
  C:\Windows\System\irKcGrW.exe
  2⤵
  PID:4028
- C:\Windows\System\lJQUFkA.exe
  C:\Windows\System\lJQUFkA.exe
  2⤵
  PID:4116
- C:\Windows\System\kFvVYDk.exe
  C:\Windows\System\kFvVYDk.exe
  2⤵
  PID:4132
- C:\Windows\System\TPGJkFf.exe
  C:\Windows\System\TPGJkFf.exe
  2⤵
  PID:4316
- C:\Windows\System\dROVWNb.exe
  C:\Windows\System\dROVWNb.exe
  2⤵
  PID:4172
- C:\Windows\System\xqULLlQ.exe
  C:\Windows\System\xqULLlQ.exe
  2⤵
  PID:4324
- C:\Windows\System\FcQIuVc.exe
  C:\Windows\System\FcQIuVc.exe
  2⤵
  PID:4336
- C:\Windows\System\wubHylq.exe
  C:\Windows\System\wubHylq.exe
  2⤵
  PID:1652
- C:\Windows\System\gydODGV.exe
  C:\Windows\System\gydODGV.exe
  2⤵
  PID:4432
- C:\Windows\System\aPwZGON.exe
  C:\Windows\System\aPwZGON.exe
  2⤵
  PID:4404
- C:\Windows\System\VnAVHLM.exe
  C:\Windows\System\VnAVHLM.exe
  2⤵
  PID:4516
- C:\Windows\System\xSHQIkz.exe
  C:\Windows\System\xSHQIkz.exe
  2⤵
  PID:4544
- C:\Windows\System\LozfrFS.exe
  C:\Windows\System\LozfrFS.exe
  2⤵
  PID:4640
- C:\Windows\System\mMMNOOA.exe
  C:\Windows\System\mMMNOOA.exe
  2⤵
  PID:4660
- C:\Windows\System\CxiiNZB.exe
  C:\Windows\System\CxiiNZB.exe
  2⤵
  PID:4720
- C:\Windows\System\ulUCWhG.exe
  C:\Windows\System\ulUCWhG.exe
  2⤵
  PID:4696
- C:\Windows\System\tDKiqpt.exe
  C:\Windows\System\tDKiqpt.exe
  2⤵
  PID:4756
- C:\Windows\System\fSTgXGN.exe
  C:\Windows\System\fSTgXGN.exe
  2⤵
  PID:4836
- C:\Windows\System\Bvalind.exe
  C:\Windows\System\Bvalind.exe
  2⤵
  PID:4780
- C:\Windows\System\FdsHvaC.exe
  C:\Windows\System\FdsHvaC.exe
  2⤵
  PID:2540
- C:\Windows\System\RruFkFM.exe
  C:\Windows\System\RruFkFM.exe
  2⤵
  PID:4900
- C:\Windows\System\mJzeSfU.exe
  C:\Windows\System\mJzeSfU.exe
  2⤵
  PID:4996
- C:\Windows\System\wDnmxum.exe
  C:\Windows\System\wDnmxum.exe
  2⤵
  PID:1152
- C:\Windows\System\vJIrbDA.exe
  C:\Windows\System\vJIrbDA.exe
  2⤵
  PID:1364
- C:\Windows\System\UEmrjkX.exe
  C:\Windows\System\UEmrjkX.exe
  2⤵
  PID:1088
- C:\Windows\System\wJuxVhR.exe
  C:\Windows\System\wJuxVhR.exe
  2⤵
  PID:5096
- C:\Windows\System\LSIQYSB.exe
  C:\Windows\System\LSIQYSB.exe
  2⤵
  PID:868
- C:\Windows\System\yJwWUBw.exe
  C:\Windows\System\yJwWUBw.exe
  2⤵
  PID:4092
- C:\Windows\System\LUDMTRr.exe
  C:\Windows\System\LUDMTRr.exe
  2⤵
  PID:2412
- C:\Windows\System\NUlERwE.exe
  C:\Windows\System\NUlERwE.exe
  2⤵
  PID:3160
- C:\Windows\System\wgqmQja.exe
  C:\Windows\System\wgqmQja.exe
  2⤵
  PID:1396
- C:\Windows\System\VxhgAle.exe
  C:\Windows\System\VxhgAle.exe
  2⤵
  PID:3640
- C:\Windows\System\QPwtdRt.exe
  C:\Windows\System\QPwtdRt.exe
  2⤵
  PID:3200
- C:\Windows\System\NUkhqLj.exe
  C:\Windows\System\NUkhqLj.exe
  2⤵
  PID:4100
- C:\Windows\System\zVGdztK.exe
  C:\Windows\System\zVGdztK.exe
  2⤵
  PID:4344
- C:\Windows\System\WrWhliZ.exe
  C:\Windows\System\WrWhliZ.exe
  2⤵
  PID:4276
- C:\Windows\System\MkLKoab.exe
  C:\Windows\System\MkLKoab.exe
  2⤵
  PID:4396
- C:\Windows\System\WvjgauQ.exe
  C:\Windows\System\WvjgauQ.exe
  2⤵
  PID:2088
- C:\Windows\System\ObapuYy.exe
  C:\Windows\System\ObapuYy.exe
  2⤵
  PID:2964
- C:\Windows\System\INghMQj.exe
  C:\Windows\System\INghMQj.exe
  2⤵
  PID:1136
- C:\Windows\System\KTQuSdx.exe
  C:\Windows\System\KTQuSdx.exe
  2⤵
  PID:4596
- C:\Windows\System\ANdfLWD.exe
  C:\Windows\System\ANdfLWD.exe
  2⤵
  PID:484
- C:\Windows\System\iGrSFYA.exe
  C:\Windows\System\iGrSFYA.exe
  2⤵
  PID:4800
- C:\Windows\System\jfrrqEp.exe
  C:\Windows\System\jfrrqEp.exe
  2⤵
  PID:4620
- C:\Windows\System\zaAdcre.exe
  C:\Windows\System\zaAdcre.exe
  2⤵
  PID:4680
- C:\Windows\System\WULYwHM.exe
  C:\Windows\System\WULYwHM.exe
  2⤵
  PID:2588
- C:\Windows\System\HAsrcGi.exe
  C:\Windows\System\HAsrcGi.exe
  2⤵
  PID:5016
- C:\Windows\System\wOZXKRc.exe
  C:\Windows\System\wOZXKRc.exe
  2⤵
  PID:3544
- C:\Windows\System\lxSObJb.exe
  C:\Windows\System\lxSObJb.exe
  2⤵
  PID:3548
- C:\Windows\System\BcLgvLR.exe
  C:\Windows\System\BcLgvLR.exe
  2⤵
  PID:3764
- C:\Windows\System\ZNWRucX.exe
  C:\Windows\System\ZNWRucX.exe
  2⤵
  PID:2984
- C:\Windows\System\XZcKrbL.exe
  C:\Windows\System\XZcKrbL.exe
  2⤵
  PID:1620
- C:\Windows\System\ncoDRks.exe
  C:\Windows\System\ncoDRks.exe
  2⤵
  PID:4048
- C:\Windows\System\sSnCvYX.exe
  C:\Windows\System\sSnCvYX.exe
  2⤵
  PID:2800
- C:\Windows\System\sBiEFbK.exe
  C:\Windows\System\sBiEFbK.exe
  2⤵
  PID:812
- C:\Windows\System\KWxsZXP.exe
  C:\Windows\System\KWxsZXP.exe
  2⤵
  PID:4120
- C:\Windows\System\QQuYHWy.exe
  C:\Windows\System\QQuYHWy.exe
  2⤵
  PID:3380
- C:\Windows\System\HYbOIhF.exe
  C:\Windows\System\HYbOIhF.exe
  2⤵
  PID:4400
- C:\Windows\System\AcmxuKN.exe
  C:\Windows\System\AcmxuKN.exe
  2⤵
  PID:4456
- C:\Windows\System\heLZIZT.exe
  C:\Windows\System\heLZIZT.exe
  2⤵
  PID:1552
- C:\Windows\System\kXevFMH.exe
  C:\Windows\System\kXevFMH.exe
  2⤵
  PID:4512
- C:\Windows\System\bmJRfYx.exe
  C:\Windows\System\bmJRfYx.exe
  2⤵
  PID:4676
- C:\Windows\System\wENzukK.exe
  C:\Windows\System\wENzukK.exe
  2⤵
  PID:4980
- C:\Windows\System\yKWDJFi.exe
  C:\Windows\System\yKWDJFi.exe
  2⤵
  PID:3920
- C:\Windows\System\tuxEbBi.exe
  C:\Windows\System\tuxEbBi.exe
  2⤵
  PID:2464
- C:\Windows\System\EfFKumM.exe
  C:\Windows\System\EfFKumM.exe
  2⤵
  PID:3896
- C:\Windows\System\bTCjoBX.exe
  C:\Windows\System\bTCjoBX.exe
  2⤵
  PID:4832
- C:\Windows\System\wrzoazG.exe
  C:\Windows\System\wrzoazG.exe
  2⤵
  PID:2428
- C:\Windows\System\YSxtXKx.exe
  C:\Windows\System\YSxtXKx.exe
  2⤵
  PID:1748
- C:\Windows\System\wtCkEiw.exe
  C:\Windows\System\wtCkEiw.exe
  2⤵
  PID:500
- C:\Windows\System\RULBiMX.exe
  C:\Windows\System\RULBiMX.exe
  2⤵
  PID:3336
- C:\Windows\System\PdxKfBZ.exe
  C:\Windows\System\PdxKfBZ.exe
  2⤵
  PID:1164
- C:\Windows\System\eeYDnxb.exe
  C:\Windows\System\eeYDnxb.exe
  2⤵
  PID:2960
- C:\Windows\System\zgnPGhY.exe
  C:\Windows\System\zgnPGhY.exe
  2⤵
  PID:2724
- C:\Windows\System\XIUwjLa.exe
  C:\Windows\System\XIUwjLa.exe
  2⤵
  PID:4180
- C:\Windows\System\QdKTLRm.exe
  C:\Windows\System\QdKTLRm.exe
  2⤵
  PID:2488
- C:\Windows\System\MmgELKx.exe
  C:\Windows\System\MmgELKx.exe
  2⤵
  PID:4536
- C:\Windows\System\hNclvCc.exe
  C:\Windows\System\hNclvCc.exe
  2⤵
  PID:2676
- C:\Windows\System\sSpRXxC.exe
  C:\Windows\System\sSpRXxC.exe
  2⤵
  PID:2880
- C:\Windows\System\mkaUwCa.exe
  C:\Windows\System\mkaUwCa.exe
  2⤵
  PID:2928
- C:\Windows\System\mUWfVID.exe
  C:\Windows\System\mUWfVID.exe
  2⤵
  PID:4776
- C:\Windows\System\fVaAfqt.exe
  C:\Windows\System\fVaAfqt.exe
  2⤵
  PID:4068
- C:\Windows\System\EMEsejX.exe
  C:\Windows\System\EMEsejX.exe
  2⤵
  PID:4472
- C:\Windows\System\NfkmZtA.exe
  C:\Windows\System\NfkmZtA.exe
  2⤵
  PID:2156
- C:\Windows\System\gPZBezD.exe
  C:\Windows\System\gPZBezD.exe
  2⤵
  PID:4864
- C:\Windows\System\VEwivuM.exe
  C:\Windows\System\VEwivuM.exe
  2⤵
  PID:4260
- C:\Windows\System\pqdMOeA.exe
  C:\Windows\System\pqdMOeA.exe
  2⤵
  PID:2120
- C:\Windows\System\LtbaJUD.exe
  C:\Windows\System\LtbaJUD.exe
  2⤵
  PID:4764
- C:\Windows\System\PtxTnDh.exe
  C:\Windows\System\PtxTnDh.exe
  2⤵
  PID:1524
- C:\Windows\System\CotUSSI.exe
  C:\Windows\System\CotUSSI.exe
  2⤵
  PID:5132
- C:\Windows\System\hLcCFtn.exe
  C:\Windows\System\hLcCFtn.exe
  2⤵
  PID:5152
- C:\Windows\System\dPKLpbH.exe
  C:\Windows\System\dPKLpbH.exe
  2⤵
  PID:5172
- C:\Windows\System\jnTdrit.exe
  C:\Windows\System\jnTdrit.exe
  2⤵
  PID:5188
- C:\Windows\System\vJjCmJP.exe
  C:\Windows\System\vJjCmJP.exe
  2⤵
  PID:5204
- C:\Windows\System\fFCzQkI.exe
  C:\Windows\System\fFCzQkI.exe
  2⤵
  PID:5220
- C:\Windows\System\LicnlzI.exe
  C:\Windows\System\LicnlzI.exe
  2⤵
  PID:5288
- C:\Windows\System\BkXVMvm.exe
  C:\Windows\System\BkXVMvm.exe
  2⤵
  PID:5344
- C:\Windows\System\hcJmSwu.exe
  C:\Windows\System\hcJmSwu.exe
  2⤵
  PID:5368
- C:\Windows\System\uMstQtt.exe
  C:\Windows\System\uMstQtt.exe
  2⤵
  PID:5384
- C:\Windows\System\AgvitPt.exe
  C:\Windows\System\AgvitPt.exe
  2⤵
  PID:5404
- C:\Windows\System\tpXJdwU.exe
  C:\Windows\System\tpXJdwU.exe
  2⤵
  PID:5424
- C:\Windows\System\XwJleyB.exe
  C:\Windows\System\XwJleyB.exe
  2⤵
  PID:5444
- C:\Windows\System\pbqtfYa.exe
  C:\Windows\System\pbqtfYa.exe
  2⤵
  PID:5460
- C:\Windows\System\TQmheqW.exe
  C:\Windows\System\TQmheqW.exe
  2⤵
  PID:5476
- C:\Windows\System\MsdseuP.exe
  C:\Windows\System\MsdseuP.exe
  2⤵
  PID:5496
- C:\Windows\System\siWpHip.exe
  C:\Windows\System\siWpHip.exe
  2⤵
  PID:5516
- C:\Windows\System\fdUkMEb.exe
  C:\Windows\System\fdUkMEb.exe
  2⤵
  PID:5532
- C:\Windows\System\hyLPhFy.exe
  C:\Windows\System\hyLPhFy.exe
  2⤵
  PID:5548
- C:\Windows\System\FdsQCml.exe
  C:\Windows\System\FdsQCml.exe
  2⤵
  PID:5572
- C:\Windows\System\ZHpVjfv.exe
  C:\Windows\System\ZHpVjfv.exe
  2⤵
  PID:5592
- C:\Windows\System\dzmwPgH.exe
  C:\Windows\System\dzmwPgH.exe
  2⤵
  PID:5608
- C:\Windows\System\KDfVDNt.exe
  C:\Windows\System\KDfVDNt.exe
  2⤵
  PID:5624
- C:\Windows\System\EQauVDW.exe
  C:\Windows\System\EQauVDW.exe
  2⤵
  PID:5644
- C:\Windows\System\SUsmoGN.exe
  C:\Windows\System\SUsmoGN.exe
  2⤵
  PID:5660
- C:\Windows\System\noFSbKA.exe
  C:\Windows\System\noFSbKA.exe
  2⤵
  PID:5680
- C:\Windows\System\AUQqDQq.exe
  C:\Windows\System\AUQqDQq.exe
  2⤵
  PID:5700
- C:\Windows\System\ZUgTLvF.exe
  C:\Windows\System\ZUgTLvF.exe
  2⤵
  PID:5728
- C:\Windows\System\xgkpzTz.exe
  C:\Windows\System\xgkpzTz.exe
  2⤵
  PID:5744
- C:\Windows\System\LvZqiAn.exe
  C:\Windows\System\LvZqiAn.exe
  2⤵
  PID:5760
- C:\Windows\System\WWHkwVO.exe
  C:\Windows\System\WWHkwVO.exe
  2⤵
  PID:5776
- C:\Windows\System\qarRsqk.exe
  C:\Windows\System\qarRsqk.exe
  2⤵
  PID:5792
- C:\Windows\System\vHXpxDP.exe
  C:\Windows\System\vHXpxDP.exe
  2⤵
  PID:5808
- C:\Windows\System\MXOWtgY.exe
  C:\Windows\System\MXOWtgY.exe
  2⤵
  PID:5828
- C:\Windows\System\PUaSsbo.exe
  C:\Windows\System\PUaSsbo.exe
  2⤵
  PID:5844
- C:\Windows\System\lQVizIN.exe
  C:\Windows\System\lQVizIN.exe
  2⤵
  PID:5864
- C:\Windows\System\lPCgcHa.exe
  C:\Windows\System\lPCgcHa.exe
  2⤵
  PID:5884
- C:\Windows\System\wmgaQER.exe
  C:\Windows\System\wmgaQER.exe
  2⤵
  PID:5904
- C:\Windows\System\iBhxVWR.exe
  C:\Windows\System\iBhxVWR.exe
  2⤵
  PID:5920
- C:\Windows\System\YZAvtGJ.exe
  C:\Windows\System\YZAvtGJ.exe
  2⤵
  PID:5936
- C:\Windows\System\YhOtAFL.exe
  C:\Windows\System\YhOtAFL.exe
  2⤵
  PID:5952
- C:\Windows\System\yDSTjjk.exe
  C:\Windows\System\yDSTjjk.exe
  2⤵
  PID:5968
- C:\Windows\System\nmMejie.exe
  C:\Windows\System\nmMejie.exe
  2⤵
  PID:5984
- C:\Windows\System\sPrAgBs.exe
  C:\Windows\System\sPrAgBs.exe
  2⤵
  PID:6004
- C:\Windows\System\LoFwaKW.exe
  C:\Windows\System\LoFwaKW.exe
  2⤵
  PID:6024
- C:\Windows\System\nbQePIh.exe
  C:\Windows\System\nbQePIh.exe
  2⤵
  PID:6044
- C:\Windows\System\KkdjJxy.exe
  C:\Windows\System\KkdjJxy.exe
  2⤵
  PID:6060
- C:\Windows\System\brDSUvc.exe
  C:\Windows\System\brDSUvc.exe
  2⤵
  PID:6080
- C:\Windows\System\iARlpur.exe
  C:\Windows\System\iARlpur.exe
  2⤵
  PID:6100
- C:\Windows\System\dlVCQSL.exe
  C:\Windows\System\dlVCQSL.exe
  2⤵
  PID:6116
- C:\Windows\System\wsXWWPV.exe
  C:\Windows\System\wsXWWPV.exe
  2⤵
  PID:6132
- C:\Windows\System\mXIhqUN.exe
  C:\Windows\System\mXIhqUN.exe
  2⤵
  PID:2884
- C:\Windows\System\UApDega.exe
  C:\Windows\System\UApDega.exe
  2⤵
  PID:4964
- C:\Windows\System\SDHoIpw.exe
  C:\Windows\System\SDHoIpw.exe
  2⤵
  PID:5124
- C:\Windows\System\yEIFENd.exe
  C:\Windows\System\yEIFENd.exe
  2⤵
  PID:5168
- C:\Windows\System\LGuaayT.exe
  C:\Windows\System\LGuaayT.exe
  2⤵
  PID:5200
- C:\Windows\System\JmSVKsy.exe
  C:\Windows\System\JmSVKsy.exe
  2⤵
  PID:5244
- C:\Windows\System\SrqOoXw.exe
  C:\Windows\System\SrqOoXw.exe
  2⤵
  PID:5312
- C:\Windows\System\gELoWMX.exe
  C:\Windows\System\gELoWMX.exe
  2⤵
  PID:5328
- C:\Windows\System\pSuNQXe.exe
  C:\Windows\System\pSuNQXe.exe
  2⤵
  PID:5340
- C:\Windows\System\UPCEmBe.exe
  C:\Windows\System\UPCEmBe.exe
  2⤵
  PID:5416
- C:\Windows\System\PsSaHYT.exe
  C:\Windows\System\PsSaHYT.exe
  2⤵
  PID:5488
- C:\Windows\System\HqDWRvV.exe
  C:\Windows\System\HqDWRvV.exe
  2⤵
  PID:5556
- C:\Windows\System\VvwKyUL.exe
  C:\Windows\System\VvwKyUL.exe
  2⤵
  PID:5604
- C:\Windows\System\lrLjTwY.exe
  C:\Windows\System\lrLjTwY.exe
  2⤵
  PID:5672
- C:\Windows\System\QBMmrLb.exe
  C:\Windows\System\QBMmrLb.exe
  2⤵
  PID:5676
- C:\Windows\System\OtDntOe.exe
  C:\Windows\System\OtDntOe.exe
  2⤵
  PID:5540
- C:\Windows\System\pWxaOlf.exe
  C:\Windows\System\pWxaOlf.exe
  2⤵
  PID:5788
- C:\Windows\System\VkBaZZA.exe
  C:\Windows\System\VkBaZZA.exe
  2⤵
  PID:5620
- C:\Windows\System\LNkszXr.exe
  C:\Windows\System\LNkszXr.exe
  2⤵
  PID:5692
- C:\Windows\System\pYYgsXg.exe
  C:\Windows\System\pYYgsXg.exe
  2⤵
  PID:5432
- C:\Windows\System\CSnvdLW.exe
  C:\Windows\System\CSnvdLW.exe
  2⤵
  PID:5436
- C:\Windows\System\KvczBmK.exe
  C:\Windows\System\KvczBmK.exe
  2⤵
  PID:5960
- C:\Windows\System\FwGivxa.exe
  C:\Windows\System\FwGivxa.exe
  2⤵
  PID:6000
- C:\Windows\System\YdCKANW.exe
  C:\Windows\System\YdCKANW.exe
  2⤵
  PID:6112
- C:\Windows\System\AsDtJLm.exe
  C:\Windows\System\AsDtJLm.exe
  2⤵
  PID:5544
- C:\Windows\System\PeszIpE.exe
  C:\Windows\System\PeszIpE.exe
  2⤵
  PID:5772
- C:\Windows\System\FlRerUo.exe
  C:\Windows\System\FlRerUo.exe
  2⤵
  PID:5872
- C:\Windows\System\FYLHtIi.exe
  C:\Windows\System\FYLHtIi.exe
  2⤵
  PID:5916
- C:\Windows\System\oxOoYZq.exe
  C:\Windows\System\oxOoYZq.exe
  2⤵
  PID:6056
- C:\Windows\System\NZxbiMj.exe
  C:\Windows\System\NZxbiMj.exe
  2⤵
  PID:6128
- C:\Windows\System\bhFtgup.exe
  C:\Windows\System\bhFtgup.exe
  2⤵
  PID:5148
- C:\Windows\System\QMKiUkg.exe
  C:\Windows\System\QMKiUkg.exe
  2⤵
  PID:5216
- C:\Windows\System\IwffLfx.exe
  C:\Windows\System\IwffLfx.exe
  2⤵
  PID:4880
- C:\Windows\System\TiQAmnl.exe
  C:\Windows\System\TiQAmnl.exe
  2⤵
  PID:2176
- C:\Windows\System\AFrRyXZ.exe
  C:\Windows\System\AFrRyXZ.exe
  2⤵
  PID:2484
- C:\Windows\System\spKUqtd.exe
  C:\Windows\System\spKUqtd.exe
  2⤵
  PID:992
- C:\Windows\System\GFHtFNU.exe
  C:\Windows\System\GFHtFNU.exe
  2⤵
  PID:5308
- C:\Windows\System\lbQdFmD.exe
  C:\Windows\System\lbQdFmD.exe
  2⤵
  PID:5452
- C:\Windows\System\MXWMVHL.exe
  C:\Windows\System\MXWMVHL.exe
  2⤵
  PID:5324
- C:\Windows\System\rHSziyl.exe
  C:\Windows\System\rHSziyl.exe
  2⤵
  PID:5412
- C:\Windows\System\waPnwfK.exe
  C:\Windows\System\waPnwfK.exe
  2⤵
  PID:4740
- C:\Windows\System\pGymRJD.exe
  C:\Windows\System\pGymRJD.exe
  2⤵
  PID:5784
- C:\Windows\System\MADEbGF.exe
  C:\Windows\System\MADEbGF.exe
  2⤵
  PID:5472
- C:\Windows\System\lHFdNTL.exe
  C:\Windows\System\lHFdNTL.exe
  2⤵
  PID:5752
- C:\Windows\System\wtodbmR.exe
  C:\Windows\System\wtodbmR.exe
  2⤵
  PID:5688
- C:\Windows\System\ZVSMlBR.exe
  C:\Windows\System\ZVSMlBR.exe
  2⤵
  PID:5716
- C:\Windows\System\wsOxGiS.exe
  C:\Windows\System\wsOxGiS.exe
  2⤵
  PID:5896
- C:\Windows\System\WBdmMna.exe
  C:\Windows\System\WBdmMna.exe
  2⤵
  PID:5932
- C:\Windows\System\kdTJIJQ.exe
  C:\Windows\System\kdTJIJQ.exe
  2⤵
  PID:6072
- C:\Windows\System\PCyYjcr.exe
  C:\Windows\System\PCyYjcr.exe
  2⤵
  PID:5980
- C:\Windows\System\dEuBlRE.exe
  C:\Windows\System\dEuBlRE.exe
  2⤵
  PID:5840
- C:\Windows\System\uepJiCu.exe
  C:\Windows\System\uepJiCu.exe
  2⤵
  PID:5736
- C:\Windows\System\iSMYRji.exe
  C:\Windows\System\iSMYRji.exe
  2⤵
  PID:5912
- C:\Windows\System\PmUwBVM.exe
  C:\Windows\System\PmUwBVM.exe
  2⤵
  PID:2232
- C:\Windows\System\lbHZjfZ.exe
  C:\Windows\System\lbHZjfZ.exe
  2⤵
  PID:5320
- C:\Windows\System\fMjVcqn.exe
  C:\Windows\System\fMjVcqn.exe
  2⤵
  PID:2392
- C:\Windows\System\puPjgoU.exe
  C:\Windows\System\puPjgoU.exe
  2⤵
  PID:4240
- C:\Windows\System\plwWqoz.exe
  C:\Windows\System\plwWqoz.exe
  2⤵
  PID:5336
- C:\Windows\System\vtAXHht.exe
  C:\Windows\System\vtAXHht.exe
  2⤵
  PID:5524
- C:\Windows\System\gYhGpNe.exe
  C:\Windows\System\gYhGpNe.exe
  2⤵
  PID:5356
- C:\Windows\System\YeTrKkL.exe
  C:\Windows\System\YeTrKkL.exe
  2⤵
  PID:5380
- C:\Windows\System\iDSHZAL.exe
  C:\Windows\System\iDSHZAL.exe
  2⤵
  PID:5804
- C:\Windows\System\PMnVwke.exe
  C:\Windows\System\PMnVwke.exe
  2⤵
  PID:5228
- C:\Windows\System\euTqlWR.exe
  C:\Windows\System\euTqlWR.exe
  2⤵
  PID:2856
- C:\Windows\System\PfuWVcd.exe
  C:\Windows\System\PfuWVcd.exe
  2⤵
  PID:5144
- C:\Windows\System\Styorar.exe
  C:\Windows\System\Styorar.exe
  2⤵
  PID:5724
- C:\Windows\System\TuHvNuq.exe
  C:\Windows\System\TuHvNuq.exe
  2⤵
  PID:6124
- C:\Windows\System\msbrmEu.exe
  C:\Windows\System\msbrmEu.exe
  2⤵
  PID:5928
- C:\Windows\System\nhwHcIi.exe
  C:\Windows\System\nhwHcIi.exe
  2⤵
  PID:5588
- C:\Windows\System\FzuSZqP.exe
  C:\Windows\System\FzuSZqP.exe
  2⤵
  PID:5948
- C:\Windows\System\TnhaXlH.exe
  C:\Windows\System\TnhaXlH.exe
  2⤵
  PID:4296
- C:\Windows\System\fcxzfRD.exe
  C:\Windows\System\fcxzfRD.exe
  2⤵
  PID:6108
- C:\Windows\System\bsqWVcq.exe
  C:\Windows\System\bsqWVcq.exe
  2⤵
  PID:5636
- C:\Windows\System\CckhTKu.exe
  C:\Windows\System\CckhTKu.exe
  2⤵
  PID:5820
- C:\Windows\System\jBxgsiD.exe
  C:\Windows\System\jBxgsiD.exe
  2⤵
  PID:2704
- C:\Windows\System\aDfhvue.exe
  C:\Windows\System\aDfhvue.exe
  2⤵
  PID:5600
- C:\Windows\System\CPAHJpH.exe
  C:\Windows\System\CPAHJpH.exe
  2⤵
  PID:6148
- C:\Windows\System\RVDuPTE.exe
  C:\Windows\System\RVDuPTE.exe
  2⤵
  PID:6164
- C:\Windows\System\lgxkPEW.exe
  C:\Windows\System\lgxkPEW.exe
  2⤵
  PID:6184
- C:\Windows\System\gBXoNWX.exe
  C:\Windows\System\gBXoNWX.exe
  2⤵
  PID:6200
- C:\Windows\System\NMejdJn.exe
  C:\Windows\System\NMejdJn.exe
  2⤵
  PID:6216
- C:\Windows\System\ejtfxMP.exe
  C:\Windows\System\ejtfxMP.exe
  2⤵
  PID:6232
- C:\Windows\System\xwNhWGr.exe
  C:\Windows\System\xwNhWGr.exe
  2⤵
  PID:6248
- C:\Windows\System\mLIjMPX.exe
  C:\Windows\System\mLIjMPX.exe
  2⤵
  PID:6264
- C:\Windows\System\SObGMTt.exe
  C:\Windows\System\SObGMTt.exe
  2⤵
  PID:6284
- C:\Windows\System\BlicMcb.exe
  C:\Windows\System\BlicMcb.exe
  2⤵
  PID:6304
- C:\Windows\System\DRtxgTx.exe
  C:\Windows\System\DRtxgTx.exe
  2⤵
  PID:6324
- C:\Windows\System\hVRjPDz.exe
  C:\Windows\System\hVRjPDz.exe
  2⤵
  PID:6344
- C:\Windows\System\cbEQFzA.exe
  C:\Windows\System\cbEQFzA.exe
  2⤵
  PID:6364
- C:\Windows\System\rOoMnYH.exe
  C:\Windows\System\rOoMnYH.exe
  2⤵
  PID:6380
- C:\Windows\System\bLeLaaS.exe
  C:\Windows\System\bLeLaaS.exe
  2⤵
  PID:6440
- C:\Windows\System\EVSvakO.exe
  C:\Windows\System\EVSvakO.exe
  2⤵
  PID:6456
- C:\Windows\System\VccXjAZ.exe
  C:\Windows\System\VccXjAZ.exe
  2⤵
  PID:6472
- C:\Windows\System\kMjVxmp.exe
  C:\Windows\System\kMjVxmp.exe
  2⤵
  PID:6488
- C:\Windows\System\zjLzDAG.exe
  C:\Windows\System\zjLzDAG.exe
  2⤵
  PID:6504
- C:\Windows\System\IWfGXwK.exe
  C:\Windows\System\IWfGXwK.exe
  2⤵
  PID:6520
- C:\Windows\System\phhucVx.exe
  C:\Windows\System\phhucVx.exe
  2⤵
  PID:6536
- C:\Windows\System\mbbtIGF.exe
  C:\Windows\System\mbbtIGF.exe
  2⤵
  PID:6552
- C:\Windows\System\GqjqRXY.exe
  C:\Windows\System\GqjqRXY.exe
  2⤵
  PID:6576
- C:\Windows\System\RpNmaXr.exe
  C:\Windows\System\RpNmaXr.exe
  2⤵
  PID:6592
- C:\Windows\System\hPUdeaY.exe
  C:\Windows\System\hPUdeaY.exe
  2⤵
  PID:6608
- C:\Windows\System\NZnwmLh.exe
  C:\Windows\System\NZnwmLh.exe
  2⤵
  PID:6624
- C:\Windows\System\mrfFGvG.exe
  C:\Windows\System\mrfFGvG.exe
  2⤵
  PID:6640
- C:\Windows\System\YYTABBa.exe
  C:\Windows\System\YYTABBa.exe
  2⤵
  PID:6656
- C:\Windows\System\ZoAsxxF.exe
  C:\Windows\System\ZoAsxxF.exe
  2⤵
  PID:6672
- C:\Windows\System\dyFdcec.exe
  C:\Windows\System\dyFdcec.exe
  2⤵
  PID:6688
- C:\Windows\System\DtUaHoz.exe
  C:\Windows\System\DtUaHoz.exe
  2⤵
  PID:6704
- C:\Windows\System\wyvFjnb.exe
  C:\Windows\System\wyvFjnb.exe
  2⤵
  PID:6720
- C:\Windows\System\JZyvkMA.exe
  C:\Windows\System\JZyvkMA.exe
  2⤵
  PID:6736
- C:\Windows\System\hSbjZhf.exe
  C:\Windows\System\hSbjZhf.exe
  2⤵
  PID:6752
- C:\Windows\System\gOzmZPD.exe
  C:\Windows\System\gOzmZPD.exe
  2⤵
  PID:6768
- C:\Windows\System\zNaTzMA.exe
  C:\Windows\System\zNaTzMA.exe
  2⤵
  PID:6804
- C:\Windows\System\oMDkxrj.exe
  C:\Windows\System\oMDkxrj.exe
  2⤵
  PID:6840
- C:\Windows\System\QKIDMFh.exe
  C:\Windows\System\QKIDMFh.exe
  2⤵
  PID:6860
- C:\Windows\System\bImhyjg.exe
  C:\Windows\System\bImhyjg.exe
  2⤵
  PID:6876
- C:\Windows\System\tXJjZZu.exe
  C:\Windows\System\tXJjZZu.exe
  2⤵
  PID:6896
- C:\Windows\System\FwQrzOi.exe
  C:\Windows\System\FwQrzOi.exe
  2⤵
  PID:6916
- C:\Windows\System\qSufRfh.exe
  C:\Windows\System\qSufRfh.exe
  2⤵
  PID:6948
- C:\Windows\System\fxgBwTA.exe
  C:\Windows\System\fxgBwTA.exe
  2⤵
  PID:6964
- C:\Windows\System\NKEMxgQ.exe
  C:\Windows\System\NKEMxgQ.exe
  2⤵
  PID:6980
- C:\Windows\System\FMiTsBo.exe
  C:\Windows\System\FMiTsBo.exe
  2⤵
  PID:7004
- C:\Windows\System\rnIuwOz.exe
  C:\Windows\System\rnIuwOz.exe
  2⤵
  PID:7024
- C:\Windows\System\sbTQibZ.exe
  C:\Windows\System\sbTQibZ.exe
  2⤵
  PID:7044
- C:\Windows\System\KOmrPvt.exe
  C:\Windows\System\KOmrPvt.exe
  2⤵
  PID:7064
- C:\Windows\System\IRbTidJ.exe
  C:\Windows\System\IRbTidJ.exe
  2⤵
  PID:7080
- C:\Windows\System\odhVgyo.exe
  C:\Windows\System\odhVgyo.exe
  2⤵
  PID:7096
- C:\Windows\System\xUZXRyM.exe
  C:\Windows\System\xUZXRyM.exe
  2⤵
  PID:7112
- C:\Windows\System\ezSiUKW.exe
  C:\Windows\System\ezSiUKW.exe
  2⤵
  PID:7132
- C:\Windows\System\ESsTYwx.exe
  C:\Windows\System\ESsTYwx.exe
  2⤵
  PID:7148
- C:\Windows\System\liLmFeH.exe
  C:\Windows\System\liLmFeH.exe
  2⤵
  PID:6244
- C:\Windows\System\lceyWpy.exe
  C:\Windows\System\lceyWpy.exe
  2⤵
  PID:6280
- C:\Windows\System\xWHEpKq.exe
  C:\Windows\System\xWHEpKq.exe
  2⤵
  PID:6388
- C:\Windows\System\XehbxcP.exe
  C:\Windows\System\XehbxcP.exe
  2⤵
  PID:5860
- C:\Windows\System\uHIHwuG.exe
  C:\Windows\System\uHIHwuG.exe
  2⤵
  PID:6408
- C:\Windows\System\YAlDYnw.exe
  C:\Windows\System\YAlDYnw.exe
  2⤵
  PID:6420
- C:\Windows\System\JjByUao.exe
  C:\Windows\System\JjByUao.exe
  2⤵
  PID:6432
- C:\Windows\System\LKtiWGq.exe
  C:\Windows\System\LKtiWGq.exe
  2⤵
  PID:5304
- C:\Windows\System\UzHDpnF.exe
  C:\Windows\System\UzHDpnF.exe
  2⤵
  PID:6564
- C:\Windows\System\AdMmlRE.exe
  C:\Windows\System\AdMmlRE.exe
  2⤵
  PID:6568
- C:\Windows\System\teIqeMi.exe
  C:\Windows\System\teIqeMi.exe
  2⤵
  PID:6636
- C:\Windows\System\YgsCnpt.exe
  C:\Windows\System\YgsCnpt.exe
  2⤵
  PID:6696
- C:\Windows\System\rmuZjjB.exe
  C:\Windows\System\rmuZjjB.exe
  2⤵
  PID:6728
- C:\Windows\System\PFKMsFw.exe
  C:\Windows\System\PFKMsFw.exe
  2⤵
  PID:6832
- C:\Windows\System\UtBYcYf.exe
  C:\Windows\System\UtBYcYf.exe
  2⤵
  PID:6196
- C:\Windows\System\GZSxAuW.exe
  C:\Windows\System\GZSxAuW.exe
  2⤵
  PID:6292
- C:\Windows\System\XQFbGDx.exe
  C:\Windows\System\XQFbGDx.exe
  2⤵
  PID:6376
- C:\Windows\System\Qqhfxzf.exe
  C:\Windows\System\Qqhfxzf.exe
  2⤵
  PID:6516
- C:\Windows\System\vzhRNdE.exe
  C:\Windows\System\vzhRNdE.exe
  2⤵
  PID:6908
- C:\Windows\System\uqYJdrS.exe
  C:\Windows\System\uqYJdrS.exe
  2⤵
  PID:6588
- C:\Windows\System\GTrpOJl.exe
  C:\Windows\System\GTrpOJl.exe
  2⤵
  PID:7000
- C:\Windows\System\JLxeuwA.exe
  C:\Windows\System\JLxeuwA.exe
  2⤵
  PID:7072
- C:\Windows\System\MvhkWLw.exe
  C:\Windows\System\MvhkWLw.exe
  2⤵
  PID:7140
- C:\Windows\System\WRVIxBK.exe
  C:\Windows\System\WRVIxBK.exe
  2⤵
  PID:6448
- C:\Windows\System\rmULTxX.exe
  C:\Windows\System\rmULTxX.exe
  2⤵
  PID:6484
- C:\Windows\System\voqAOsY.exe
  C:\Windows\System\voqAOsY.exe
  2⤵
  PID:6936
- C:\Windows\System\NTtKxEE.exe
  C:\Windows\System\NTtKxEE.exe
  2⤵
  PID:7012
- C:\Windows\System\VUPDAGu.exe
  C:\Windows\System\VUPDAGu.exe
  2⤵
  PID:6272
- C:\Windows\System\BpvbsNc.exe
  C:\Windows\System\BpvbsNc.exe
  2⤵
  PID:5892
- C:\Windows\System\mtKkutV.exe
  C:\Windows\System\mtKkutV.exe
  2⤵
  PID:6396
- C:\Windows\System\rqbuZJl.exe
  C:\Windows\System\rqbuZJl.exe
  2⤵
  PID:6352
- C:\Windows\System\syqtohK.exe
  C:\Windows\System\syqtohK.exe
  2⤵
  PID:6744
- C:\Windows\System\vJLhLpM.exe
  C:\Windows\System\vJLhLpM.exe
  2⤵
  PID:6784
- C:\Windows\System\cCFTMAP.exe
  C:\Windows\System\cCFTMAP.exe
  2⤵
  PID:7052
- C:\Windows\System\mRhuQkN.exe
  C:\Windows\System\mRhuQkN.exe
  2⤵
  PID:7124
- C:\Windows\System\PGOshar.exe
  C:\Windows\System\PGOshar.exe
  2⤵
  PID:6316
- C:\Windows\System\bLZnuCL.exe
  C:\Windows\System\bLZnuCL.exe
  2⤵
  PID:5352
- C:\Windows\System\nVdYniL.exe
  C:\Windows\System\nVdYniL.exe
  2⤵
  PID:6668
- C:\Windows\System\mReNbJW.exe
  C:\Windows\System\mReNbJW.exe
  2⤵
  PID:6528
- C:\Windows\System\cJgZuzs.exe
  C:\Windows\System\cJgZuzs.exe
  2⤵
  PID:6824
- C:\Windows\System\xbsjBSJ.exe
  C:\Windows\System\xbsjBSJ.exe
  2⤵
  PID:6208
- C:\Windows\System\TdYQwMS.exe
  C:\Windows\System\TdYQwMS.exe
  2⤵
  PID:6512
- C:\Windows\System\btazbHW.exe
  C:\Windows\System\btazbHW.exe
  2⤵
  PID:7040
- C:\Windows\System\SqZnyxu.exe
  C:\Windows\System\SqZnyxu.exe
  2⤵
  PID:6332
- C:\Windows\System\evfjBpT.exe
  C:\Windows\System\evfjBpT.exe
  2⤵
  PID:6800
- C:\Windows\System\HBRCVea.exe
  C:\Windows\System\HBRCVea.exe
  2⤵
  PID:6684
- C:\Windows\System\CBdAqiU.exe
  C:\Windows\System\CBdAqiU.exe
  2⤵
  PID:6884
- C:\Windows\System\GuiAJPw.exe
  C:\Windows\System\GuiAJPw.exe
  2⤵
  PID:6792
- C:\Windows\System\BDyUjRX.exe
  C:\Windows\System\BDyUjRX.exe
  2⤵
  PID:6372
- C:\Windows\System\EYJkyLA.exe
  C:\Windows\System\EYJkyLA.exe
  2⤵
  PID:7108
- C:\Windows\System\YiOsJrd.exe
  C:\Windows\System\YiOsJrd.exe
  2⤵
  PID:4416
- C:\Windows\System\ybiUiNs.exe
  C:\Windows\System\ybiUiNs.exe
  2⤵
  PID:6500
- C:\Windows\System\EZqGKdO.exe
  C:\Windows\System\EZqGKdO.exe
  2⤵
  PID:7160
- C:\Windows\System\xUWsLet.exe
  C:\Windows\System\xUWsLet.exe
  2⤵
  PID:6240
- C:\Windows\System\RuAflim.exe
  C:\Windows\System\RuAflim.exe
  2⤵
  PID:7088
- C:\Windows\System\aKQasvB.exe
  C:\Windows\System\aKQasvB.exe
  2⤵
  PID:6532
- C:\Windows\System\MmMAEkR.exe
  C:\Windows\System\MmMAEkR.exe
  2⤵
  PID:6812
- C:\Windows\System\CvMNJqy.exe
  C:\Windows\System\CvMNJqy.exe
  2⤵
  PID:6956
- C:\Windows\System\EdHrnQq.exe
  C:\Windows\System\EdHrnQq.exe
  2⤵
  PID:6604
- C:\Windows\System\YeUMAwJ.exe
  C:\Windows\System\YeUMAwJ.exe
  2⤵
  PID:7104
- C:\Windows\System\fyqXOay.exe
  C:\Windows\System\fyqXOay.exe
  2⤵
  PID:6760
- C:\Windows\System\yygDHuJ.exe
  C:\Windows\System\yygDHuJ.exe
  2⤵
  PID:6260
- C:\Windows\System\jnjCuLz.exe
  C:\Windows\System\jnjCuLz.exe
  2⤵
  PID:6300
- C:\Windows\System\UQHxWKf.exe
  C:\Windows\System\UQHxWKf.exe
  2⤵
  PID:6972
- C:\Windows\System\mYaGBKh.exe
  C:\Windows\System\mYaGBKh.exe
  2⤵
  PID:7176
- C:\Windows\System\MecdOQV.exe
  C:\Windows\System\MecdOQV.exe
  2⤵
  PID:7196
- C:\Windows\System\Aernaro.exe
  C:\Windows\System\Aernaro.exe
  2⤵
  PID:7212
- C:\Windows\System\PnDYaHj.exe
  C:\Windows\System\PnDYaHj.exe
  2⤵
  PID:7292
- C:\Windows\System\NZlQiLp.exe
  C:\Windows\System\NZlQiLp.exe
  2⤵
  PID:7308
- C:\Windows\System\xKVLzoN.exe
  C:\Windows\System\xKVLzoN.exe
  2⤵
  PID:7324
- C:\Windows\System\oxsBsxN.exe
  C:\Windows\System\oxsBsxN.exe
  2⤵
  PID:7340
- C:\Windows\System\wqejWRI.exe
  C:\Windows\System\wqejWRI.exe
  2⤵
  PID:7356
- C:\Windows\System\lirIRnX.exe
  C:\Windows\System\lirIRnX.exe
  2⤵
  PID:7372
- C:\Windows\System\fcggFSd.exe
  C:\Windows\System\fcggFSd.exe
  2⤵
  PID:7388
- C:\Windows\System\vKmtGWA.exe
  C:\Windows\System\vKmtGWA.exe
  2⤵
  PID:7404
- C:\Windows\System\RtpTWwG.exe
  C:\Windows\System\RtpTWwG.exe
  2⤵
  PID:7420
- C:\Windows\System\rencGcT.exe
  C:\Windows\System\rencGcT.exe
  2⤵
  PID:7436
- C:\Windows\System\YGIjDYk.exe
  C:\Windows\System\YGIjDYk.exe
  2⤵
  PID:7452
- C:\Windows\System\qQORLzh.exe
  C:\Windows\System\qQORLzh.exe
  2⤵
  PID:7468
- C:\Windows\System\ppcyOAD.exe
  C:\Windows\System\ppcyOAD.exe
  2⤵
  PID:7484
- C:\Windows\System\YtdxCIy.exe
  C:\Windows\System\YtdxCIy.exe
  2⤵
  PID:7500
- C:\Windows\System\xXLsLNE.exe
  C:\Windows\System\xXLsLNE.exe
  2⤵
  PID:7516
- C:\Windows\System\YcSgQns.exe
  C:\Windows\System\YcSgQns.exe
  2⤵
  PID:7532
- C:\Windows\System\SwxlDdJ.exe
  C:\Windows\System\SwxlDdJ.exe
  2⤵
  PID:7548
- C:\Windows\System\IwjesSn.exe
  C:\Windows\System\IwjesSn.exe
  2⤵
  PID:7564
- C:\Windows\System\rzlWahF.exe
  C:\Windows\System\rzlWahF.exe
  2⤵
  PID:7580
- C:\Windows\System\ghBNUYz.exe
  C:\Windows\System\ghBNUYz.exe
  2⤵
  PID:7672
- C:\Windows\System\WHfLkba.exe
  C:\Windows\System\WHfLkba.exe
  2⤵
  PID:7688
- C:\Windows\System\CUdMhCn.exe
  C:\Windows\System\CUdMhCn.exe
  2⤵
  PID:7704
- C:\Windows\System\RsQxgMD.exe
  C:\Windows\System\RsQxgMD.exe
  2⤵
  PID:7724
- C:\Windows\System\LStadXo.exe
  C:\Windows\System\LStadXo.exe
  2⤵
  PID:7748
- C:\Windows\System\BxWCGvS.exe
  C:\Windows\System\BxWCGvS.exe
  2⤵
  PID:7764
- C:\Windows\System\HaWZOWg.exe
  C:\Windows\System\HaWZOWg.exe
  2⤵
  PID:7784
- C:\Windows\System\xNBrcdf.exe
  C:\Windows\System\xNBrcdf.exe
  2⤵
  PID:7808
- C:\Windows\System\nSSBvXJ.exe
  C:\Windows\System\nSSBvXJ.exe
  2⤵
  PID:7824
- C:\Windows\System\gWBpwRM.exe
  C:\Windows\System\gWBpwRM.exe
  2⤵
  PID:7848
- C:\Windows\System\JQEfAya.exe
  C:\Windows\System\JQEfAya.exe
  2⤵
  PID:7864
- C:\Windows\System\dFmxSqD.exe
  C:\Windows\System\dFmxSqD.exe
  2⤵
  PID:7880
- C:\Windows\System\brtEYNI.exe
  C:\Windows\System\brtEYNI.exe
  2⤵
  PID:7912
- C:\Windows\System\MSxcZZw.exe
  C:\Windows\System\MSxcZZw.exe
  2⤵
  PID:7932
- C:\Windows\System\nvNCCJa.exe
  C:\Windows\System\nvNCCJa.exe
  2⤵
  PID:7952
- C:\Windows\System\bEgVTQy.exe
  C:\Windows\System\bEgVTQy.exe
  2⤵
  PID:7972
- C:\Windows\System\KVUqVuY.exe
  C:\Windows\System\KVUqVuY.exe
  2⤵
  PID:7988
- C:\Windows\System\YtLtmHf.exe
  C:\Windows\System\YtLtmHf.exe
  2⤵
  PID:8004
- C:\Windows\System\ccMmAmg.exe
  C:\Windows\System\ccMmAmg.exe
  2⤵
  PID:8020
- C:\Windows\System\xPCyDFl.exe
  C:\Windows\System\xPCyDFl.exe
  2⤵
  PID:8040
- C:\Windows\System\tuifkVz.exe
  C:\Windows\System\tuifkVz.exe
  2⤵
  PID:8080
- C:\Windows\System\jVpRemy.exe
  C:\Windows\System\jVpRemy.exe
  2⤵
  PID:8104
- C:\Windows\System\cPqaoHf.exe
  C:\Windows\System\cPqaoHf.exe
  2⤵
  PID:8120
- C:\Windows\System\iRvvbVH.exe
  C:\Windows\System\iRvvbVH.exe
  2⤵
  PID:8140
- C:\Windows\System\ajXphtv.exe
  C:\Windows\System\ajXphtv.exe
  2⤵
  PID:8156
- C:\Windows\System\uMYvlzg.exe
  C:\Windows\System\uMYvlzg.exe
  2⤵
  PID:8176
- C:\Windows\System\peJHHIv.exe
  C:\Windows\System\peJHHIv.exe
  2⤵
  PID:6912
- C:\Windows\System\pXzHuzC.exe
  C:\Windows\System\pXzHuzC.exe
  2⤵
  PID:7220
- C:\Windows\System\fOwCHNO.exe
  C:\Windows\System\fOwCHNO.exe
  2⤵
  PID:7244
- C:\Windows\System\QcnjPPR.exe
  C:\Windows\System\QcnjPPR.exe
  2⤵
  PID:7256
- C:\Windows\System\XXJNCph.exe
  C:\Windows\System\XXJNCph.exe
  2⤵
  PID:7260
- C:\Windows\System\bsdoIQW.exe
  C:\Windows\System\bsdoIQW.exe
  2⤵
  PID:6796
- C:\Windows\System\OqnGdeV.exe
  C:\Windows\System\OqnGdeV.exe
  2⤵
  PID:6256
- C:\Windows\System\wfMijmD.exe
  C:\Windows\System\wfMijmD.exe
  2⤵
  PID:7204
- C:\Windows\System\peVQpca.exe
  C:\Windows\System\peVQpca.exe
  2⤵
  PID:6480
- C:\Windows\System\TjvSwSg.exe
  C:\Windows\System\TjvSwSg.exe
  2⤵
  PID:6976
- C:\Windows\System\lgVIsVq.exe
  C:\Windows\System\lgVIsVq.exe
  2⤵
  PID:6020
- C:\Windows\System\IfiEDac.exe
  C:\Windows\System\IfiEDac.exe
  2⤵
  PID:7288
- C:\Windows\System\AmbqMYc.exe
  C:\Windows\System\AmbqMYc.exe
  2⤵
  PID:6652
- C:\Windows\System\HIsZACo.exe
  C:\Windows\System\HIsZACo.exe
  2⤵
  PID:7412
- C:\Windows\System\KyfNjeh.exe
  C:\Windows\System\KyfNjeh.exe
  2⤵
  PID:7348
- C:\Windows\System\xOaOoNV.exe
  C:\Windows\System\xOaOoNV.exe
  2⤵
  PID:7480
- C:\Windows\System\EAdVjNu.exe
  C:\Windows\System\EAdVjNu.exe
  2⤵
  PID:7464
- C:\Windows\System\WbkpGdt.exe
  C:\Windows\System\WbkpGdt.exe
  2⤵
  PID:7368
- C:\Windows\System\qWIwonx.exe
  C:\Windows\System\qWIwonx.exe
  2⤵
  PID:7428
- C:\Windows\System\ClCIiWS.exe
  C:\Windows\System\ClCIiWS.exe
  2⤵
  PID:7496
- C:\Windows\System\iEcBgxA.exe
  C:\Windows\System\iEcBgxA.exe
  2⤵
  PID:7588
- C:\Windows\System\ORyKPTU.exe
  C:\Windows\System\ORyKPTU.exe
  2⤵
  PID:7612
- C:\Windows\System\BzlsMNH.exe
  C:\Windows\System\BzlsMNH.exe
  2⤵
  PID:7636
- C:\Windows\System\vCOUqZV.exe
  C:\Windows\System\vCOUqZV.exe
  2⤵
  PID:7660
- C:\Windows\System\imfCfCg.exe
  C:\Windows\System\imfCfCg.exe
  2⤵
  PID:7716
- C:\Windows\System\ACoGQbG.exe
  C:\Windows\System\ACoGQbG.exe
  2⤵
  PID:7792
- C:\Windows\System\dfsOhGU.exe
  C:\Windows\System\dfsOhGU.exe
  2⤵
  PID:7736
- C:\Windows\System\toLmvrC.exe
  C:\Windows\System\toLmvrC.exe
  2⤵
  PID:7740
- C:\Windows\System\lJDExrl.exe
  C:\Windows\System\lJDExrl.exe
  2⤵
  PID:7776
- C:\Windows\System\MZPzgaz.exe
  C:\Windows\System\MZPzgaz.exe
  2⤵
  PID:7780
- C:\Windows\System\RudKVDH.exe
  C:\Windows\System\RudKVDH.exe
  2⤵
  PID:7904
- C:\Windows\System\tENETPo.exe
  C:\Windows\System\tENETPo.exe
  2⤵
  PID:7928
- C:\Windows\System\UEimXtC.exe
  C:\Windows\System\UEimXtC.exe
  2⤵
  PID:7968
- C:\Windows\System\IEcaBUR.exe
  C:\Windows\System\IEcaBUR.exe
  2⤵
  PID:8032
- C:\Windows\System\onQWRAD.exe
  C:\Windows\System\onQWRAD.exe
  2⤵
  PID:8012
- C:\Windows\System\JvLfuis.exe
  C:\Windows\System\JvLfuis.exe
  2⤵
  PID:8072
- C:\Windows\System\MPVzKUF.exe
  C:\Windows\System\MPVzKUF.exe
  2⤵
  PID:8060
- C:\Windows\System\sDGzUMw.exe
  C:\Windows\System\sDGzUMw.exe
  2⤵
  PID:8128
- C:\Windows\System\SHLvmnC.exe
  C:\Windows\System\SHLvmnC.exe
  2⤵
  PID:8168
- C:\Windows\System\IvVvbDW.exe
  C:\Windows\System\IvVvbDW.exe
  2⤵
  PID:6180
- C:\Windows\System\lKSvJOx.exe
  C:\Windows\System\lKSvJOx.exe
  2⤵
  PID:8116
- C:\Windows\System\ELFPjlH.exe
  C:\Windows\System\ELFPjlH.exe
  2⤵
  PID:5064
- C:\Windows\System\gbhlbZo.exe
  C:\Windows\System\gbhlbZo.exe
  2⤵
  PID:7276
- C:\Windows\System\UveLKzY.exe
  C:\Windows\System\UveLKzY.exe
  2⤵
  PID:6404
- C:\Windows\System\zqsUkIB.exe
  C:\Windows\System\zqsUkIB.exe
  2⤵
  PID:7364
- C:\Windows\System\HeFdPxc.exe
  C:\Windows\System\HeFdPxc.exe
  2⤵
  PID:7572
- C:\Windows\System\EwzlwuN.exe
  C:\Windows\System\EwzlwuN.exe
  2⤵
  PID:6228
- C:\Windows\System\GRGVgWS.exe
  C:\Windows\System\GRGVgWS.exe
  2⤵
  PID:7300
- C:\Windows\System\qoZuWGa.exe
  C:\Windows\System\qoZuWGa.exe
  2⤵
  PID:7268
- C:\Windows\System\XXKKgNE.exe
  C:\Windows\System\XXKKgNE.exe
  2⤵
  PID:7544
- C:\Windows\System\XKbUpdT.exe
  C:\Windows\System\XKbUpdT.exe
  2⤵
  PID:7540
- C:\Windows\System\BHEfDvE.exe
  C:\Windows\System\BHEfDvE.exe
  2⤵
  PID:7320
- C:\Windows\System\EjIFSqi.exe
  C:\Windows\System\EjIFSqi.exe
  2⤵
  PID:7652
- C:\Windows\System\EPXQsCs.exe
  C:\Windows\System\EPXQsCs.exe
  2⤵
  PID:7560
- C:\Windows\System\EMdsvpu.exe
  C:\Windows\System\EMdsvpu.exe
  2⤵
  PID:7720
- C:\Windows\System\KgYqqof.exe
  C:\Windows\System\KgYqqof.exe
  2⤵
  PID:7700
- C:\Windows\System\XnxQgYq.exe
  C:\Windows\System\XnxQgYq.exe
  2⤵
  PID:7832
- C:\Windows\System\FJvkvQx.exe
  C:\Windows\System\FJvkvQx.exe
  2⤵
  PID:7856
- C:\Windows\System\XvzxEnX.exe
  C:\Windows\System\XvzxEnX.exe
  2⤵
  PID:7920
- C:\Windows\System\XYxysWx.exe
  C:\Windows\System\XYxysWx.exe
  2⤵
  PID:7944
- C:\Windows\System\txrufWH.exe
  C:\Windows\System\txrufWH.exe
  2⤵
  PID:8028
- C:\Windows\System\oSGPuTI.exe
  C:\Windows\System\oSGPuTI.exe
  2⤵
  PID:6932
- C:\Windows\System\IxMWAKk.exe
  C:\Windows\System\IxMWAKk.exe
  2⤵
  PID:8016
- C:\Windows\System\vVQHVli.exe
  C:\Windows\System\vVQHVli.exe
  2⤵
  PID:8164
- C:\Windows\System\xtgJdGO.exe
  C:\Windows\System\xtgJdGO.exe
  2⤵
  PID:6856
- C:\Windows\System\NdvDehL.exe
  C:\Windows\System\NdvDehL.exe
  2⤵
  PID:7232
- C:\Windows\System\FLOPTVy.exe
  C:\Windows\System\FLOPTVy.exe
  2⤵
  PID:6620
- C:\Windows\System\RBCAVIZ.exe
  C:\Windows\System\RBCAVIZ.exe
  2⤵
  PID:7444
- C:\Windows\System\cpGMlmA.exe
  C:\Windows\System\cpGMlmA.exe
  2⤵
  PID:7336
- C:\Windows\System\MFsLytl.exe
  C:\Windows\System\MFsLytl.exe
  2⤵
  PID:7400
- C:\Windows\System\VkkqBng.exe
  C:\Windows\System\VkkqBng.exe
  2⤵
  PID:7816
- C:\Windows\System\knbmWGl.exe
  C:\Windows\System\knbmWGl.exe
  2⤵
  PID:7680
- C:\Windows\System\KznCDjB.exe
  C:\Windows\System\KznCDjB.exe
  2⤵
  PID:7896
- C:\Windows\System\tduTiAK.exe
  C:\Windows\System\tduTiAK.exe
  2⤵
  PID:6712
- C:\Windows\System\ilMgCId.exe
  C:\Windows\System\ilMgCId.exe
  2⤵
  PID:7228
- C:\Windows\System\fiIqEsm.exe
  C:\Windows\System\fiIqEsm.exe
  2⤵
  PID:8052
- C:\Windows\System\TSqUqKD.exe
  C:\Windows\System\TSqUqKD.exe
  2⤵
  PID:7900
- C:\Windows\System\rQMZOlq.exe
  C:\Windows\System\rQMZOlq.exe
  2⤵
  PID:7208
- C:\Windows\System\OJFaxiM.exe
  C:\Windows\System\OJFaxiM.exe
  2⤵
  PID:7604
- C:\Windows\System\zWvQhhD.exe
  C:\Windows\System\zWvQhhD.exe
  2⤵
  PID:7352
- C:\Windows\System\EIMmOfK.exe
  C:\Windows\System\EIMmOfK.exe
  2⤵
  PID:6992
- C:\Windows\System\tnDxaDa.exe
  C:\Windows\System\tnDxaDa.exe
  2⤵
  PID:7844
- C:\Windows\System\obpPciR.exe
  C:\Windows\System\obpPciR.exe
  2⤵
  PID:7984
- C:\Windows\System\dNWSKsL.exe
  C:\Windows\System\dNWSKsL.exe
  2⤵
  PID:2064
- C:\Windows\System\ElyTtwE.exe
  C:\Windows\System\ElyTtwE.exe
  2⤵
  PID:7188
- C:\Windows\System\ymbuRGR.exe
  C:\Windows\System\ymbuRGR.exe
  2⤵
  PID:7172
- C:\Windows\System\DbNMnKx.exe
  C:\Windows\System\DbNMnKx.exe
  2⤵
  PID:7624
- C:\Windows\System\MwBFiSQ.exe
  C:\Windows\System\MwBFiSQ.exe
  2⤵
  PID:8148
- C:\Windows\System\PQkDicX.exe
  C:\Windows\System\PQkDicX.exe
  2⤵
  PID:7760
- C:\Windows\System\OIClzek.exe
  C:\Windows\System\OIClzek.exe
  2⤵
  PID:7948
- C:\Windows\System\bOTdlxL.exe
  C:\Windows\System\bOTdlxL.exe
  2⤵
  PID:7492
- C:\Windows\System\hwpUpYY.exe
  C:\Windows\System\hwpUpYY.exe
  2⤵
  PID:8112
- C:\Windows\System\kzajUuY.exe
  C:\Windows\System\kzajUuY.exe
  2⤵
  PID:7332
- C:\Windows\System\ldiCGYd.exe
  C:\Windows\System\ldiCGYd.exe
  2⤵
  PID:7732
- C:\Windows\System\ufwXYbi.exe
  C:\Windows\System\ufwXYbi.exe
  2⤵
  PID:5512
- C:\Windows\System\feRllbS.exe
  C:\Windows\System\feRllbS.exe
  2⤵
  PID:7980
- C:\Windows\System\YUIkNFg.exe
  C:\Windows\System\YUIkNFg.exe
  2⤵
  PID:7576
- C:\Windows\System\gTwLGgL.exe
  C:\Windows\System\gTwLGgL.exe
  2⤵
  PID:2044
- C:\Windows\System\QyTtscU.exe
  C:\Windows\System\QyTtscU.exe
  2⤵
  PID:8088
- C:\Windows\System\EPqHQDZ.exe
  C:\Windows\System\EPqHQDZ.exe
  2⤵
  PID:8204
- C:\Windows\System\iWGAvvc.exe
  C:\Windows\System\iWGAvvc.exe
  2⤵
  PID:8220
- C:\Windows\System\VlIrDPu.exe
  C:\Windows\System\VlIrDPu.exe
  2⤵
  PID:8244
- C:\Windows\System\qbMUzep.exe
  C:\Windows\System\qbMUzep.exe
  2⤵
  PID:8276
- C:\Windows\System\DOFrmXG.exe
  C:\Windows\System\DOFrmXG.exe
  2⤵
  PID:8296
- C:\Windows\System\ceUNDVa.exe
  C:\Windows\System\ceUNDVa.exe
  2⤵
  PID:8312
- C:\Windows\System\JRFctfc.exe
  C:\Windows\System\JRFctfc.exe
  2⤵
  PID:8328
- C:\Windows\System\koGNeie.exe
  C:\Windows\System\koGNeie.exe
  2⤵
  PID:8348
- C:\Windows\System\QbbmESW.exe
  C:\Windows\System\QbbmESW.exe
  2⤵
  PID:8364
- C:\Windows\System\EtkLyeK.exe
  C:\Windows\System\EtkLyeK.exe
  2⤵
  PID:8380
- C:\Windows\System\NkJcQvv.exe
  C:\Windows\System\NkJcQvv.exe
  2⤵
  PID:8416
- C:\Windows\System\zGjipGq.exe
  C:\Windows\System\zGjipGq.exe
  2⤵
  PID:8432
- C:\Windows\System\JzuUrpx.exe
  C:\Windows\System\JzuUrpx.exe
  2⤵
  PID:8448
- C:\Windows\System\jxDASal.exe
  C:\Windows\System\jxDASal.exe
  2⤵
  PID:8464
- C:\Windows\System\TdkoBWJ.exe
  C:\Windows\System\TdkoBWJ.exe
  2⤵
  PID:8496
- C:\Windows\System\rWEqwIM.exe
  C:\Windows\System\rWEqwIM.exe
  2⤵
  PID:8512
- C:\Windows\System\qdcgXwP.exe
  C:\Windows\System\qdcgXwP.exe
  2⤵
  PID:8528
- C:\Windows\System\LFdxJYi.exe
  C:\Windows\System\LFdxJYi.exe
  2⤵
  PID:8548
- C:\Windows\System\zAryGmx.exe
  C:\Windows\System\zAryGmx.exe
  2⤵
  PID:8572
- C:\Windows\System\fORBwoR.exe
  C:\Windows\System\fORBwoR.exe
  2⤵
  PID:8600
- C:\Windows\System\hqIzqKk.exe
  C:\Windows\System\hqIzqKk.exe
  2⤵
  PID:8620
- C:\Windows\System\VImQmam.exe
  C:\Windows\System\VImQmam.exe
  2⤵
  PID:8636
- C:\Windows\System\qyWbOPB.exe
  C:\Windows\System\qyWbOPB.exe
  2⤵
  PID:8652
- C:\Windows\System\ReEhcIW.exe
  C:\Windows\System\ReEhcIW.exe
  2⤵
  PID:8676
- C:\Windows\System\DZNorRr.exe
  C:\Windows\System\DZNorRr.exe
  2⤵
  PID:8692
- C:\Windows\System\Srbxdqw.exe
  C:\Windows\System\Srbxdqw.exe
  2⤵
  PID:8708
- C:\Windows\System\mACFLBX.exe
  C:\Windows\System\mACFLBX.exe
  2⤵
  PID:8732
- C:\Windows\System\gFYryLV.exe
  C:\Windows\System\gFYryLV.exe
  2⤵
  PID:8752
- C:\Windows\System\KBTPokQ.exe
  C:\Windows\System\KBTPokQ.exe
  2⤵
  PID:8768
- C:\Windows\System\hlAIAsz.exe
  C:\Windows\System\hlAIAsz.exe
  2⤵
  PID:8784
- C:\Windows\System\yyCDFDe.exe
  C:\Windows\System\yyCDFDe.exe
  2⤵
  PID:8804
- C:\Windows\System\fRRuoFt.exe
  C:\Windows\System\fRRuoFt.exe
  2⤵
  PID:8820
- C:\Windows\System\uHVkqAT.exe
  C:\Windows\System\uHVkqAT.exe
  2⤵
  PID:8840
- C:\Windows\System\ahWUYkX.exe
  C:\Windows\System\ahWUYkX.exe
  2⤵
  PID:8856
- C:\Windows\System\hzwkjKy.exe
  C:\Windows\System\hzwkjKy.exe
  2⤵
  PID:8872
- C:\Windows\System\KyAZgsQ.exe
  C:\Windows\System\KyAZgsQ.exe
  2⤵
  PID:8896
- C:\Windows\System\WOIKIPg.exe
  C:\Windows\System\WOIKIPg.exe
  2⤵
  PID:8944
- C:\Windows\System\HeVXUSH.exe
  C:\Windows\System\HeVXUSH.exe
  2⤵
  PID:8960
- C:\Windows\System\IfDVcGM.exe
  C:\Windows\System\IfDVcGM.exe
  2⤵
  PID:8976
- C:\Windows\System\LvHJuPy.exe
  C:\Windows\System\LvHJuPy.exe
  2⤵
  PID:8992
- C:\Windows\System\OqXyXNn.exe
  C:\Windows\System\OqXyXNn.exe
  2⤵
  PID:9012
- C:\Windows\System\zgLfTNC.exe
  C:\Windows\System\zgLfTNC.exe
  2⤵
  PID:9036
- C:\Windows\System\PoMIZHP.exe
  C:\Windows\System\PoMIZHP.exe
  2⤵
  PID:9052
- C:\Windows\System\wmrGiGL.exe
  C:\Windows\System\wmrGiGL.exe
  2⤵
  PID:9068
- C:\Windows\System\ISeyuCL.exe
  C:\Windows\System\ISeyuCL.exe
  2⤵
  PID:9088
- C:\Windows\System\tKoFbAM.exe
  C:\Windows\System\tKoFbAM.exe
  2⤵
  PID:9112
- C:\Windows\System\pSpwJCg.exe
  C:\Windows\System\pSpwJCg.exe
  2⤵
  PID:9128
- C:\Windows\System\SizcOFD.exe
  C:\Windows\System\SizcOFD.exe
  2⤵
  PID:9152
- C:\Windows\System\gKuOpxb.exe
  C:\Windows\System\gKuOpxb.exe
  2⤵
  PID:9168
- C:\Windows\System\DNfQOAp.exe
  C:\Windows\System\DNfQOAp.exe
  2⤵
  PID:9184
- C:\Windows\System\VnpUYJJ.exe
  C:\Windows\System\VnpUYJJ.exe
  2⤵
  PID:9200
- C:\Windows\System\TPgnKAA.exe
  C:\Windows\System\TPgnKAA.exe
  2⤵
  PID:8232
- C:\Windows\System\quOStZH.exe
  C:\Windows\System\quOStZH.exe
  2⤵
  PID:8272
- C:\Windows\System\zmmaCFc.exe
  C:\Windows\System\zmmaCFc.exe
  2⤵
  PID:8292
- C:\Windows\System\mpbLKuj.exe
  C:\Windows\System\mpbLKuj.exe
  2⤵
  PID:8360
- C:\Windows\System\chSGfsx.exe
  C:\Windows\System\chSGfsx.exe
  2⤵
  PID:8340
- C:\Windows\System\NaMrxVp.exe
  C:\Windows\System\NaMrxVp.exe
  2⤵
  PID:8400
- C:\Windows\System\MxDLSHg.exe
  C:\Windows\System\MxDLSHg.exe
  2⤵
  PID:8424
- C:\Windows\System\EyCbuJN.exe
  C:\Windows\System\EyCbuJN.exe
  2⤵
  PID:8472
- C:\Windows\System\EnktRyZ.exe
  C:\Windows\System\EnktRyZ.exe
  2⤵
  PID:8484
- C:\Windows\System\fIrHyUw.exe
  C:\Windows\System\fIrHyUw.exe
  2⤵
  PID:8504
- C:\Windows\System\TtSMtsJ.exe
  C:\Windows\System\TtSMtsJ.exe
  2⤵
  PID:8556
- C:\Windows\System\yWapvOm.exe
  C:\Windows\System\yWapvOm.exe
  2⤵
  PID:8608
- C:\Windows\System\AzafIzI.exe
  C:\Windows\System\AzafIzI.exe
  2⤵
  PID:8644
- C:\Windows\System\KsiyHOw.exe
  C:\Windows\System\KsiyHOw.exe
  2⤵
  PID:8684
- C:\Windows\System\FEpykEQ.exe
  C:\Windows\System\FEpykEQ.exe
  2⤵
  PID:8700
- C:\Windows\System\OLaZUNH.exe
  C:\Windows\System\OLaZUNH.exe
  2⤵
  PID:8704
- C:\Windows\System\DOTBcil.exe
  C:\Windows\System\DOTBcil.exe
  2⤵
  PID:8764
- C:\Windows\System\XJwzsBr.exe
  C:\Windows\System\XJwzsBr.exe
  2⤵
  PID:8832
- C:\Windows\System\Sbjkyrp.exe
  C:\Windows\System\Sbjkyrp.exe
  2⤵
  PID:8868
- C:\Windows\System\rTTiDil.exe
  C:\Windows\System\rTTiDil.exe
  2⤵
  PID:8852
- C:\Windows\System\RfXwDfW.exe
  C:\Windows\System\RfXwDfW.exe
  2⤵
  PID:8912
- C:\Windows\System\mTcLgEJ.exe
  C:\Windows\System\mTcLgEJ.exe
  2⤵
  PID:844
- C:\Windows\System\ArbBPSL.exe
  C:\Windows\System\ArbBPSL.exe
  2⤵
  PID:8940
- C:\Windows\System\XLOhSRJ.exe
  C:\Windows\System\XLOhSRJ.exe
  2⤵
  PID:9004
- C:\Windows\System\oDtmOLv.exe
  C:\Windows\System\oDtmOLv.exe
  2⤵
  PID:9076
- C:\Windows\System\TItQeEs.exe
  C:\Windows\System\TItQeEs.exe
  2⤵
  PID:8988
- C:\Windows\System\rshgYVS.exe
  C:\Windows\System\rshgYVS.exe
  2⤵
  PID:9192
- C:\Windows\System\UVpuWjP.exe
  C:\Windows\System\UVpuWjP.exe
  2⤵
  PID:9140
- C:\Windows\System\OLzalOb.exe
  C:\Windows\System\OLzalOb.exe
  2⤵
  PID:9064
- C:\Windows\System\akkzwpc.exe
  C:\Windows\System\akkzwpc.exe
  2⤵
  PID:9212
- C:\Windows\System\UzRcQOn.exe
  C:\Windows\System\UzRcQOn.exe
  2⤵
  PID:8200
- C:\Windows\System\fubNnqR.exe
  C:\Windows\System\fubNnqR.exe
  2⤵
  PID:8268
- C:\Windows\System\IrHWNVw.exe
  C:\Windows\System\IrHWNVw.exe
  2⤵
  PID:8288
- C:\Windows\System\mkiwBVh.exe
  C:\Windows\System\mkiwBVh.exe
  2⤵
  PID:8344
- C:\Windows\System\PNEyWPx.exe
  C:\Windows\System\PNEyWPx.exe
  2⤵
  PID:8304
- C:\Windows\System\snQRVjf.exe
  C:\Windows\System\snQRVjf.exe
  2⤵
  PID:8492
- C:\Windows\System\amWQbcr.exe
  C:\Windows\System\amWQbcr.exe
  2⤵
  PID:8476
- C:\Windows\System\THTVMnr.exe
  C:\Windows\System\THTVMnr.exe
  2⤵
  PID:8544
- C:\Windows\System\GcCpXDm.exe
  C:\Windows\System\GcCpXDm.exe
  2⤵
  PID:8596
- C:\Windows\System\gIGFCpE.exe
  C:\Windows\System\gIGFCpE.exe
  2⤵
  PID:8664
- C:\Windows\System\RReIXSq.exe
  C:\Windows\System\RReIXSq.exe
  2⤵
  PID:8780
- C:\Windows\System\OstaLYj.exe
  C:\Windows\System\OstaLYj.exe
  2⤵
  PID:8760
- C:\Windows\System\orFZBcw.exe
  C:\Windows\System\orFZBcw.exe
  2⤵
  PID:8828
- C:\Windows\System\dzEDwvF.exe
  C:\Windows\System\dzEDwvF.exe
  2⤵
  PID:9000
- C:\Windows\System\gBhebEe.exe
  C:\Windows\System\gBhebEe.exe
  2⤵
  PID:8984
- C:\Windows\System\mfMhjro.exe
  C:\Windows\System\mfMhjro.exe
  2⤵
  PID:9044
- C:\Windows\System\edlvvrb.exe
  C:\Windows\System\edlvvrb.exe
  2⤵
  PID:9160
- C:\Windows\System\dyxXwdK.exe
  C:\Windows\System\dyxXwdK.exe
  2⤵
  PID:9024
- C:\Windows\System\YPnpfvp.exe
  C:\Windows\System\YPnpfvp.exe
  2⤵
  PID:8240
- C:\Windows\System\WcoeipI.exe
  C:\Windows\System\WcoeipI.exe
  2⤵
  PID:8388
- C:\Windows\System\ntwlKLs.exe
  C:\Windows\System\ntwlKLs.exe
  2⤵
  PID:8444
- C:\Windows\System\FUifGOI.exe
  C:\Windows\System\FUifGOI.exe
  2⤵
  PID:8628
- C:\Windows\System\fTTNslm.exe
  C:\Windows\System\fTTNslm.exe
  2⤵
  PID:8520
- C:\Windows\System\MveMLke.exe
  C:\Windows\System\MveMLke.exe
  2⤵
  PID:8776
- C:\Windows\System\JuomACi.exe
  C:\Windows\System\JuomACi.exe
  2⤵
  PID:8136
- C:\Windows\System\reWwaom.exe
  C:\Windows\System\reWwaom.exe
  2⤵
  PID:8720
- C:\Windows\System\QHueqQP.exe
  C:\Windows\System\QHueqQP.exe
  2⤵
  PID:8908
- C:\Windows\System\KRcEroS.exe
  C:\Windows\System\KRcEroS.exe
  2⤵
  PID:8952
- C:\Windows\System\llxitsU.exe
  C:\Windows\System\llxitsU.exe
  2⤵
  PID:9048
- C:\Windows\System\PkpooWG.exe
  C:\Windows\System\PkpooWG.exe
  2⤵
  PID:8236
- C:\Windows\System\nFyItis.exe
  C:\Windows\System\nFyItis.exe
  2⤵
  PID:8884
- C:\Windows\System\WUzIFwC.exe
  C:\Windows\System\WUzIFwC.exe
  2⤵
  PID:8324
- C:\Windows\System\NUaiTCm.exe
  C:\Windows\System\NUaiTCm.exe
  2⤵
  PID:8716
- C:\Windows\System\ZCsZNmU.exe
  C:\Windows\System\ZCsZNmU.exe
  2⤵
  PID:8744
- C:\Windows\System\pqVzZMc.exe
  C:\Windows\System\pqVzZMc.exe
  2⤵
  PID:8728
- C:\Windows\System\OXibEEz.exe
  C:\Windows\System\OXibEEz.exe
  2⤵
  PID:9028
- C:\Windows\System\XGcbRCV.exe
  C:\Windows\System\XGcbRCV.exe
  2⤵
  PID:8904
- C:\Windows\System\MUaiBHn.exe
  C:\Windows\System\MUaiBHn.exe
  2⤵
  PID:8936
- C:\Windows\System\tFayGKS.exe
  C:\Windows\System\tFayGKS.exe
  2⤵
  PID:9020
- C:\Windows\System\MAopTcl.exe
  C:\Windows\System\MAopTcl.exe
  2⤵
  PID:8196
- C:\Windows\System\LJTPIwI.exe
  C:\Windows\System\LJTPIwI.exe
  2⤵
  PID:8880
- C:\Windows\System\wweOHlQ.exe
  C:\Windows\System\wweOHlQ.exe
  2⤵
  PID:8284
- C:\Windows\System\MHwGvht.exe
  C:\Windows\System\MHwGvht.exe
  2⤵
  PID:8660
- C:\Windows\System\YoQVjPH.exe
  C:\Windows\System\YoQVjPH.exe
  2⤵
  PID:8864
- C:\Windows\System\zzZvHuE.exe
  C:\Windows\System\zzZvHuE.exe
  2⤵
  PID:8972
- C:\Windows\System\qILvwEK.exe
  C:\Windows\System\qILvwEK.exe
  2⤵
  PID:8928
- C:\Windows\System\jxOLiav.exe
  C:\Windows\System\jxOLiav.exe
  2⤵
  PID:1564
- C:\Windows\System\wKpOXJT.exe
  C:\Windows\System\wKpOXJT.exe
  2⤵
  PID:9208
- C:\Windows\System\yufkxCp.exe
  C:\Windows\System\yufkxCp.exe
  2⤵
  PID:9236
- C:\Windows\System\aTxBbir.exe
  C:\Windows\System\aTxBbir.exe
  2⤵
  PID:9260
- C:\Windows\System\KRJLhYa.exe
  C:\Windows\System\KRJLhYa.exe
  2⤵
  PID:9280
- C:\Windows\System\ijRnCUN.exe
  C:\Windows\System\ijRnCUN.exe
  2⤵
  PID:9304
- C:\Windows\System\gpeOnkT.exe
  C:\Windows\System\gpeOnkT.exe
  2⤵
  PID:9320
- C:\Windows\System\jfYzYCe.exe
  C:\Windows\System\jfYzYCe.exe
  2⤵
  PID:9336
- C:\Windows\System\xHGZeqV.exe
  C:\Windows\System\xHGZeqV.exe
  2⤵
  PID:9360
- C:\Windows\System\JJGeJyw.exe
  C:\Windows\System\JJGeJyw.exe
  2⤵
  PID:9380
- C:\Windows\System\YdZcYnC.exe
  C:\Windows\System\YdZcYnC.exe
  2⤵
  PID:9400
- C:\Windows\System\lkodihq.exe
  C:\Windows\System\lkodihq.exe
  2⤵
  PID:9424
- C:\Windows\System\zoiWOWl.exe
  C:\Windows\System\zoiWOWl.exe
  2⤵
  PID:9440
- C:\Windows\System\ZETolFJ.exe
  C:\Windows\System\ZETolFJ.exe
  2⤵
  PID:9456
- C:\Windows\System\DDgmTuS.exe
  C:\Windows\System\DDgmTuS.exe
  2⤵
  PID:9472
- C:\Windows\System\HBJInqR.exe
  C:\Windows\System\HBJInqR.exe
  2⤵
  PID:9488
- C:\Windows\System\RZGhXLt.exe
  C:\Windows\System\RZGhXLt.exe
  2⤵
  PID:9504
- C:\Windows\System\OlGMXMs.exe
  C:\Windows\System\OlGMXMs.exe
  2⤵
  PID:9520
- C:\Windows\System\CwwYnal.exe
  C:\Windows\System\CwwYnal.exe
  2⤵
  PID:9544
- C:\Windows\System\WBwzVBH.exe
  C:\Windows\System\WBwzVBH.exe
  2⤵
  PID:9560
- C:\Windows\System\izLcqbI.exe
  C:\Windows\System\izLcqbI.exe
  2⤵
  PID:9608
- C:\Windows\System\FEfdshP.exe
  C:\Windows\System\FEfdshP.exe
  2⤵
  PID:9628
- C:\Windows\System\FDiaPfb.exe
  C:\Windows\System\FDiaPfb.exe
  2⤵
  PID:9644
- C:\Windows\System\lqkAnpU.exe
  C:\Windows\System\lqkAnpU.exe
  2⤵
  PID:9672
- C:\Windows\System\DfAQfUH.exe
  C:\Windows\System\DfAQfUH.exe
  2⤵
  PID:9688
- C:\Windows\System\OxVDOUq.exe
  C:\Windows\System\OxVDOUq.exe
  2⤵
  PID:9708
- C:\Windows\System\nUzlxCx.exe
  C:\Windows\System\nUzlxCx.exe
  2⤵
  PID:9724
- C:\Windows\System\VcTfqEg.exe
  C:\Windows\System\VcTfqEg.exe
  2⤵
  PID:9748
- C:\Windows\System\okGeMip.exe
  C:\Windows\System\okGeMip.exe
  2⤵
  PID:9764
- C:\Windows\System\sONaFtK.exe
  C:\Windows\System\sONaFtK.exe
  2⤵
  PID:9788
- C:\Windows\System\fqCdYkO.exe
  C:\Windows\System\fqCdYkO.exe
  2⤵
  PID:9808
- C:\Windows\System\lWsLugM.exe
  C:\Windows\System\lWsLugM.exe
  2⤵
  PID:9828
- C:\Windows\System\ZJBZMmC.exe
  C:\Windows\System\ZJBZMmC.exe
  2⤵
  PID:9848
- C:\Windows\System\eYJNbdg.exe
  C:\Windows\System\eYJNbdg.exe
  2⤵
  PID:9864
- C:\Windows\System\sDijCXo.exe
  C:\Windows\System\sDijCXo.exe
  2⤵
  PID:9884
- C:\Windows\System\BfesUQp.exe
  C:\Windows\System\BfesUQp.exe
  2⤵
  PID:9900
- C:\Windows\System\UbgARMi.exe
  C:\Windows\System\UbgARMi.exe
  2⤵
  PID:9920
- C:\Windows\System\jhvHcRE.exe
  C:\Windows\System\jhvHcRE.exe
  2⤵
  PID:9944
- C:\Windows\System\aucilEX.exe
  C:\Windows\System\aucilEX.exe
  2⤵
  PID:9960
- C:\Windows\System\EoNIHrE.exe
  C:\Windows\System\EoNIHrE.exe
  2⤵
  PID:9976
- C:\Windows\System\GfPXIeg.exe
  C:\Windows\System\GfPXIeg.exe
  2⤵
  PID:9996
- C:\Windows\System\zxOohnT.exe
  C:\Windows\System\zxOohnT.exe
  2⤵
  PID:10016
- C:\Windows\System\BreBlnD.exe
  C:\Windows\System\BreBlnD.exe
  2⤵
  PID:10048
- C:\Windows\System\mZIfhcE.exe
  C:\Windows\System\mZIfhcE.exe
  2⤵
  PID:10068
- C:\Windows\System\NapKOjn.exe
  C:\Windows\System\NapKOjn.exe
  2⤵
  PID:10088
- C:\Windows\System\dblCAPH.exe
  C:\Windows\System\dblCAPH.exe
  2⤵
  PID:10104
- C:\Windows\System\ZxvNhwQ.exe
  C:\Windows\System\ZxvNhwQ.exe
  2⤵
  PID:10128
- C:\Windows\System\jVAEqPN.exe
  C:\Windows\System\jVAEqPN.exe
  2⤵
  PID:10144
- C:\Windows\System\IWptabU.exe
  C:\Windows\System\IWptabU.exe
  2⤵
  PID:10160
- C:\Windows\System\YPwAnIj.exe
  C:\Windows\System\YPwAnIj.exe
  2⤵
  PID:10176
- C:\Windows\System\wjETvMQ.exe
  C:\Windows\System\wjETvMQ.exe
  2⤵
  PID:10212
- C:\Windows\System\XZHfkqx.exe
  C:\Windows\System\XZHfkqx.exe
  2⤵
  PID:10228
- C:\Windows\System\QLZGEsc.exe
  C:\Windows\System\QLZGEsc.exe
  2⤵
  PID:9224
- C:\Windows\System\bfIoLRP.exe
  C:\Windows\System\bfIoLRP.exe
  2⤵
  PID:9272
- C:\Windows\System\qrryxBb.exe
  C:\Windows\System\qrryxBb.exe
  2⤵
  PID:9296
- C:\Windows\System\rnAdnVD.exe
  C:\Windows\System\rnAdnVD.exe
  2⤵
  PID:9344
- C:\Windows\System\GnDbTKB.exe
  C:\Windows\System\GnDbTKB.exe
  2⤵
  PID:9368
- C:\Windows\System\oTgcWvn.exe
  C:\Windows\System\oTgcWvn.exe
  2⤵
  PID:9392
- C:\Windows\System\jZJPabl.exe
  C:\Windows\System\jZJPabl.exe
  2⤵
  PID:9436
- C:\Windows\System\vfrjPgh.exe
  C:\Windows\System\vfrjPgh.exe
  2⤵
  PID:9512
- C:\Windows\System\qhKvARq.exe
  C:\Windows\System\qhKvARq.exe
  2⤵
  PID:9532
- C:\Windows\System\rETbDib.exe
  C:\Windows\System\rETbDib.exe
  2⤵
  PID:9568
- C:\Windows\System\VbpwvDO.exe
  C:\Windows\System\VbpwvDO.exe
  2⤵
  PID:9604
- C:\Windows\System\jZHBYbJ.exe
  C:\Windows\System\jZHBYbJ.exe
  2⤵
  PID:9616
- C:\Windows\System\WESVhXQ.exe
  C:\Windows\System\WESVhXQ.exe
  2⤵
  PID:9656
- C:\Windows\System\GtKJyDH.exe
  C:\Windows\System\GtKJyDH.exe
  2⤵
  PID:9732
- C:\Windows\System\cOrhVwy.exe
  C:\Windows\System\cOrhVwy.exe
  2⤵
  PID:9716
- C:\Windows\System\KQojDiB.exe
  C:\Windows\System\KQojDiB.exe
  2⤵
  PID:9760
- C:\Windows\System\PuGJZHQ.exe
  C:\Windows\System\PuGJZHQ.exe
  2⤵
  PID:9780
- C:\Windows\System\pfNwkwY.exe
  C:\Windows\System\pfNwkwY.exe
  2⤵
  PID:9836
- C:\Windows\System\xUmhlMU.exe
  C:\Windows\System\xUmhlMU.exe
  2⤵
  PID:9860
- C:\Windows\System\dvwRdMU.exe
  C:\Windows\System\dvwRdMU.exe
  2⤵
  PID:9932
- C:\Windows\System\UgMgqFn.exe
  C:\Windows\System\UgMgqFn.exe
  2⤵
  PID:9876
- C:\Windows\System\WIULXGh.exe
  C:\Windows\System\WIULXGh.exe
  2⤵
  PID:9956
- C:\Windows\System\LBBbAqZ.exe
  C:\Windows\System\LBBbAqZ.exe
  2⤵
  PID:10004
- C:\Windows\System\idmigVR.exe
  C:\Windows\System\idmigVR.exe
  2⤵
  PID:10028
- C:\Windows\System\nrKXmdA.exe
  C:\Windows\System\nrKXmdA.exe
  2⤵
  PID:10044
- C:\Windows\System\yYnwDHl.exe
  C:\Windows\System\yYnwDHl.exe
  2⤵
  PID:10084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BWJCZIT.exe

Filesize
1.9MB

MD5
0085bc1d15b71a6b683ea12dd276705b

SHA1
9bfb027f5eb183c29a6b7699918564465e72d155

SHA256
be62764b6bd52f91483c11828c5b72947d3e845ada399c47b4160fc6dac893dc

SHA512
4679adbb1dacd5a92cc19128a56d37c449672ee4dd8b42d24dc679477df8d1eb88deb295b24611a19ed9ed827a5a8b1125577558f75bd12a6f052a06ae4054b0

Download Submit
C:\Windows\system\CzBABoP.exe

Filesize
1.9MB

MD5
fcd0e2420d41d5132f8bbc11bee89ffb

SHA1
5e77a700ce81089a070f45ad049aebb16d66c0fb

SHA256
719637dcacf433ff277894ec13c5b7005bc8fdc210997125d0f30dbf3445a9de

SHA512
04eedcb17b9bb121d211214726ac9acf5415d5ed7767e83427f2b7364d527f428ab530e6645badf79918ed2221545a33cc421b9dd1e734914f6dc1610ca254cc

Download Submit
C:\Windows\system\DVbQycL.exe

Filesize
1.9MB

MD5
b079a39e244cde92cf53218be957c10b

SHA1
5127367b1399d9183642bf82bd207bc140decc1d

SHA256
d79e379b8492f0965ac97e6d4ba3dccf9495fb1c9a381e7b5b82da5348ddeee2

SHA512
dc1cfaaead81f7dc808659841b98f176c283c66c4e7ba6777d704797bf2ce8b585456f54cce924a6cf4ba81aa89e7bf52e51dc58e79d95325877f46256596949

Download Submit
C:\Windows\system\GMYYCWA.exe

Filesize
1.9MB

MD5
db9e338a5872de3b1f0c1d95bd61c21e

SHA1
d1dbd7811c7494865f33ea8b61eae5f79fd3f287

SHA256
84f0e1a5cd5da67d2acf9d2b4b4fedbe257dd12d2aad6100a89823d1658ebdc4

SHA512
f4392510242195bf1cdc17ee9a6f143fd76b21667ddfef77751e4976258acffa6c06b10a8188db34084fad7ae07dd7d0c07acb1942efed74be75f7727f2ce18f

Download Submit
C:\Windows\system\IPNarWt.exe

Filesize
1.9MB

MD5
3e152059f3484d7910f1be1afaba0ede

SHA1
0ab463e9f9b9b6d43a7311ab7771620054ca481a

SHA256
055b8eb7df3f4ae0b4e3033ad23a9ff4ac05e82f015206de99c269011356cbd2

SHA512
12d04bd67626084bc3caf94c04dec5c4090e49f26e2462147a04aa06e14d549b0c7293cf0c9d1e11a95a714454abb193eab189f94b546f9e8a3e00fb79fa4cd1

Download Submit
C:\Windows\system\JniUqlO.exe

Filesize
1.9MB

MD5
cc9ca8c65df0fbe716e48b469f1948b8

SHA1
17aa29215749567270f04e17cd18ed5252dc1770

SHA256
d94d2c2173b4a3766755fb0992501989ec92718fef5d94f20b2875da3779660d

SHA512
5fdc0497a769c593661c12828a95fdd3a063214e51bac5fe03ccefa09b4b883228725d0de953cf7178758c98f5e634be0f80b13e0e11e6ab2c03f64ce545912a

Download Submit
C:\Windows\system\JySbpxP.exe

Filesize
1.9MB

MD5
138b699c85f4af8622218bb015634580

SHA1
be569ee0c3c315cdea4e314ae79cde1b28b41369

SHA256
c25f757ac98d044af1500931a9a69d1b0c17326887ff14bc696bde0fd0fd7b5b

SHA512
f5fef358aafbc186672b6b86e09dfe35832c90931edc19f6a1a33e7957e017824bec0f823ac39be6cae37802f2e944491f6a58963fe08b5f1e16ded2d7de8bc5

Download Submit
C:\Windows\system\LiiAFrK.exe

Filesize
1.9MB

MD5
fd377780e2ef0945f1baa054652d7b62

SHA1
983083dd4a9eefca06adc1046b396dd1d47fda95

SHA256
e8b85f1861971444a5d50ecc0554c2ac174be202858e9beeed7587a5950d25c6

SHA512
a8855305e7fceeb56607ecaa0bda41f8fc5fabd9c8a1ffe907cc62b6df36c6ab739d199fd9ada96c9e44cb5dc55cc596b74fd59cd7859ead8d433abbf5a2c52d

Download Submit
C:\Windows\system\MkfrvjH.exe

Filesize
1.9MB

MD5
2000313edb65a4f07cfe12e936c37532

SHA1
99e71c450e1274ac385c8a3e58fcac3ef36c715f

SHA256
14a76cd743355a1ead1852774734065f00a974c41e6944a23cae9860f902b5ad

SHA512
d93c138c276014d1a1da678fecda85330cc66052575ef0a53d41088460aba6c281d7dfa3e1ba50a72c79a88ffa7d4437145f758145a9bcd9120cba8c6827c440

Download Submit
C:\Windows\system\NWiIbjT.exe

Filesize
1.9MB

MD5
56d8b3a094e300daeef134b8aa3b10c8

SHA1
a6349af67de96f4d34b52663a7a347c5bb29744e

SHA256
46fcf065d14c262d2d1be22f2a43c7389075d43c2da7dbbc72960abcb1c2f036

SHA512
b5c53ca9de2837e15aa9efc939f929a8d70680eb8d507bb05673ea76e6c64f6c703b298963c4cf830fe30a82824e620a99f2c2b828bfab99aef5e84eb5b9c9b7

Download Submit
C:\Windows\system\OiLtauG.exe

Filesize
1.9MB

MD5
c6932de7bd9a8d061f3f1d4ab1fe0a37

SHA1
4037e8be40322259db7ce9b9cd7c5a5fcd6fc593

SHA256
42608b6fd980660d6c62fc18c59a307adfd71877fea4b36c2d8d7e9bc989e3e1

SHA512
ba999fc4d102217cf2adcecb8422ca3e5cc8c5be9df6231e335b07579e89935cc956655c84f340f61933a5a637864dd7ed3cd85dad2a66a5de93ce9599a8778e

Download Submit
C:\Windows\system\QWUaCRu.exe

Filesize
1.9MB

MD5
700f23417329fbb321c2f5524d40a686

SHA1
27acdeb0920181b5cd2266a647979af47f492114

SHA256
b6e85546dbcce150be1e4a6f277f4677ff3424bd4a484cd1e6f28aaf99d38699

SHA512
816ac5c170fc9965333043378f911313e75ef3908243bcd3a56d039e0f8076be34dac29b07229d0d2a5f5f1ea922c1c9437f1e17e5ba2f0970c63cd62fcb112e

Download Submit
C:\Windows\system\UvHtnlp.exe

Filesize
1.9MB

MD5
781b26fadaa1a7247d8ec3102beecb9f

SHA1
38a2885a80c3cb6c10a4389c1131a486f4b13361

SHA256
3885d10d5504b087b6e7df9c708848b606cea28a6d988a86e5e84bea8d3c142c

SHA512
c9ea6dc3aef9ea51143f9306ab7e2519662dc2a135d93be9756936c4b1221f0e40b7ee1659384a046a1cd12f6086f6862a88e7c8ba6b208e8decfedde8652f4b

Download Submit
C:\Windows\system\Vkjoxor.exe

Filesize
1.9MB

MD5
a9eb54e61aae6ec8825215a662e6453b

SHA1
f829cd5da9d0efceb89ab8354574123fde018aa5

SHA256
e582fee38a79a1da3e75011261dd2d17b656e264ca5c46ed70fbf8fbed3562de

SHA512
993d4a75b894fd93c53f50c7b44fc93a3d3b3aede47c8f13e17c2f63229615421355680e1cb26e1b4899eae1a635dcf7e30b881bd0f92fc14ba705dcd165e018

Download Submit
C:\Windows\system\XVGMUTl.exe

Filesize
1.9MB

MD5
b6c67a74aa1f2b584a7fcc1febe2af36

SHA1
2e28e140670b7e75d72ef8c3a18ea6421761e3e5

SHA256
2046a298ed494832f5a13fb34f8ae90dddd2b051cb4c10ba2e51649ef125c699

SHA512
a4a1594a1db8d67a70aa0e2cd359430a13dc1c778a4d2122015f2edb7b9741773523da98cc5bdf8291a68a81c5ea504ac5421670f22006cb332a40f59a8c4ae2

Download Submit
C:\Windows\system\XsegyzX.exe

Filesize
1.9MB

MD5
c288fd0065ebc468be7e73aec4fa218e

SHA1
da44dc23eba3fd87447eaf5852110e4deaccee6c

SHA256
b426dfeb28c7e1790602d22ffa7d4a2e19bfaf1f17e13858b009c6e5444f3049

SHA512
37478c40bfcaf4a4e7ce42304f8b3a993003ae660aaf2b4a7499ff58f208c452bcd1d91a47c8d9883ed42cf586c675d4c97ec506675960300e842bf2abbc9c17

Download Submit
C:\Windows\system\YDvvaZa.exe

Filesize
1.9MB

MD5
a5a1563848be2db09c3ec13c779523ad

SHA1
dfb07f8ef53d11e6d49e80227c331a04bf12f8a7

SHA256
b64a52416161637227c00340bae4e04bb7a839f2d70f0482e62b2abfab527a28

SHA512
4129aa0fd101891a46cadf610a4a7b167de74abab1bbc8c00fd82f3c86cddf747f3cfe3397ebcc8fa883c9f6f152831a728a2c3d5961eb9fcb6bcd6f88387362

Download Submit
C:\Windows\system\ZjrbdIK.exe

Filesize
1.9MB

MD5
31231b9e451ced0230908d97ac2b2a1b

SHA1
7e66308faa93f14410a5413e2c59e06cbabf2aaa

SHA256
191923c1059a2f6454418fd3fb8db206ed464df79d7caa40e79c79a28e045684

SHA512
f9aa7ed8365fe11817673ea12ac19e33f5736c192e11623dd79289134ddf0289998baf354c2e3420efaf0a1505a67819251dff6807fe40a95236030ec74fc3e8

Download Submit
C:\Windows\system\aKMvoBt.exe

Filesize
1.9MB

MD5
7571777831fdb7a9662415bc36e6d59e

SHA1
3e38e70c91eafacadc9f4065f1259e86adcee60a

SHA256
594324b92b9c64e7dac828b6ff6912061dd8b03a750619312a0258eb754fbe44

SHA512
184c29f09d5e551cc1dc88e7fddbb8af9ab6cc246613ec46287e5d335deab50661a2b5b7e0a74567bab28f8f7d821a0b2314aea5646df3b77bb52cd2a21421d1

Download Submit
C:\Windows\system\cXmdaLy.exe

Filesize
1.9MB

MD5
b3e21d5cb268eb29b0b725736ba0348f

SHA1
808f3823026b7bec4fe59ace6104a28124f146b1

SHA256
403924df6818b148e3fc516ed14f0175118c068616f7e82f2fb1e86d190d3989

SHA512
e45d8213eb980778e1bdd80b3531e42e47871b9863093998277a2080b0954cc2890b2f71d415cf16f0d0c8883d45369e593b8e0133f5559ccd711f4ef873690a

Download Submit
C:\Windows\system\eFNSMLx.exe

Filesize
1.9MB

MD5
7db49c61e1b1e723fbd8a970d4f9d799

SHA1
271c4ac66330b046945084f1fa027cd4730f0961

SHA256
8d81784138e728b51771b727ff34069883663dd3e84b8fbec748de3d8e3449c7

SHA512
f0d87762c8d160c7c5d62cb3e6bc272c8ca798861dac2f2bb445c31403e1fa9dbef219fe9cc3921208f3f87cc60eff714677f4a2bcf3192899f17bbbbbb624f8

Download Submit
C:\Windows\system\ekgDyBY.exe

Filesize
1.9MB

MD5
770e654189bd579da3bc8fbcb23768bd

SHA1
64a411599eceab3323c3dced26d1b96d096fcc9f

SHA256
21262a79b3415783a3e93a81ac753cde9ace19f0e14fa44561a65ddf90fe0c3c

SHA512
391242c1ceb1eb866b72a11bc73b66d2293341fe7cebc149318a72912ec18aa7ff06c72a038e4a1e970f1f12ad4d44d5cfaf7e6c508bbc1191b0b6b9719c1819

Download Submit
C:\Windows\system\fMbuxrB.exe

Filesize
1.9MB

MD5
7f74378be9904df8ad5515e028cbc717

SHA1
f2993460715b5b05dd9b40b39795ef3e02ce3c00

SHA256
fefd29a5b856d54d98b06a320414d98e979f690216820919a85e5bb04e4d680c

SHA512
1d660c204a0c277b81ddf3cd94b6c82fe1c5d7ee643403d88260722b3478dc39b4793b8310c7d5ee4efac10741d9a5dfde0974f0445981ff4dc63e6c30bc07a6

Download Submit
C:\Windows\system\nnaYojm.exe

Filesize
1.9MB

MD5
b1179a389e5e2b88158cb41e37021096

SHA1
5f28cd21063d32974b0852e8e879e36ade403f14

SHA256
64b91b2e295c5237516cb7f69cedf0babaa42420ec03d925c67b07ebcaa315f9

SHA512
31339dc78af33196b109884bb221d3c1f6b37f0f044df0007a139a6b7b5caf666c060fd2b94542245f578c28fb768475253db904268903e0c85114721168ee78

Download Submit
C:\Windows\system\qOfJURD.exe

Filesize
1.9MB

MD5
80b5b9550a648fc986e51495c0ca38dc

SHA1
6127d4819e667ed0dee257ab905c214e4b239678

SHA256
fb4893faa63f3dd24b5cd626439d83c2e79944895c5842c564d2423fe441793e

SHA512
6d7bc5afaad099220001b7d5dea926f4fb627d30f4e9fe58fb8e8e3cbf3532f18b52cabfd84fc92c4726e1dd3965f37567da3da6b5c932d85001765184e921a4

Download Submit
C:\Windows\system\sYkCKEs.exe

Filesize
1.9MB

MD5
be70cf81570ba8a5260badbab12389bc

SHA1
45451cfa8a21cff1f114d2388146f7bb548c7e9b

SHA256
a520239c06ef3ea0c3c41d2d461a796a3fa2e3580d88ac6c4e0b615d6a5cd811

SHA512
38f6d42af2e033be369704d2896b427acf49855aee4aeb4b547b08091daa5edbf841172c4fcf3e2eba8ef1d0a65c8d69ed60f2fb677e384c68a4962ceff3f13e

Download Submit
C:\Windows\system\tLVBsIK.exe

Filesize
1.9MB

MD5
93335746454d1c2dea418ba03a98fe27

SHA1
34a2dd1ef323dda12746d9c2271c0d7d22106b6a

SHA256
e02cb65dc843842fba7adeb70961f8560d87a0372d8d7cbf6775fb4777fe368a

SHA512
f8cf1ed064077728425690dedc58dece6e2d1c8ef0f5d29a4f1b13e1face404dae6f3684dd4892ce243b211a0dbe8f4e0dfca69f619e651bbe06dc83fc5ec06c

Download Submit
C:\Windows\system\wSzjYLq.exe

Filesize
1.9MB

MD5
7136fb57a99bd6ff0fc1e81dc1a41f37

SHA1
bd73bb882b796914616bb2e1aed6ead41ef3e134

SHA256
6e74c5aaa621889637077dfc88ef4651c4b5fcda1ef9171d2d59c55152ce4c4a

SHA512
b91c5f35b61bf63bfac287291f4637ac8a9994d0ba10111a36c7811e9747a74e1ff93a0a8beda3c66a03a920e3a97d6a0d89885d83a83b99998a98009b7c1e01

Download Submit
C:\Windows\system\xvBvQFd.exe

Filesize
1.9MB

MD5
edc4a15d843b2c718ef89999bafc1cf2

SHA1
589329b2aa8afc6ee3bae70a1a5e48f3818aecbd

SHA256
4e91c708843a5e262b37d605fa094943267e07ffcef6b2ad7e5122f18b99d30b

SHA512
0370227387876eed09858f273ef85f1efc567e9509cfa65e11e892e59e82635a8ea3c06d80166c177c801abfa1f4240fb3ae5470bb1e1c42d42bb6e156369123

Download Submit
C:\Windows\system\zKgMagd.exe

Filesize
1.9MB

MD5
a6ac73982951be206214d0d4e1a0f42c

SHA1
2d280d9ba1f53694452a67ae26a08bba4de71790

SHA256
8d08e64c81383d6fb57f5255049d0bf86d1ff659cf19567f9d680693150f0f01

SHA512
48922ad984b7c4a1144ea3d9f9f06aa7bcb72ee75d4c8c9ed84a23b28a4d38bf477f3b224c7e57cbb2399e78f20acb774de5e022dae73a0a0c193e090c782e69

Download Submit
\Windows\system\BWoDiAm.exe

Filesize
1.9MB

MD5
6ba69d591597a2be7e41b62718904092

SHA1
01db14364d21a16f0fd5c78c2e2b7310fb9c7fd1

SHA256
79074387e1430fc073bcd7bba859d21755d22c354926762628dcefadd3989b57

SHA512
fc32d6d19a3c60756954e4df76a936ef93fcd1160ec1f9d6d21752203d05aa24f4bfbfe5ec5f602f8e11078e4b35741875f220447eed9fdc33b8ee71c9106a98

Download Submit
\Windows\system\HDCDlao.exe

Filesize
1.9MB

MD5
5192565dcd00e8540e1181ac0e016372

SHA1
4ebe591d1f27de8d6273d622d55a0bad15bfb2e9

SHA256
fd33cd2cbab5c8ae999c99fc44b037ebc3c34c74fc81786aab72aab303b5901b

SHA512
e811cce17a0dc386b7d370d0d0a35dd1c61f8d64d10f67dab0d117a6c76ad26eef1c11478db9773bb9bb6cb06f24cd445c4aef47e7d611d1f62ab7b95c90e840

Download Submit
memory/1676-102-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1676-3517-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1676-4043-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2404-21-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-85-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-4034-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2844-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2520-88-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4041-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2576-38-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-532-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4033-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-63-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2240-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4037-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4038-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-2517-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-70-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-55-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4036-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1573-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4035-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-80-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4039-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2736-95-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3130-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4042-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-87-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3125-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-47-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2844-13-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-62-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2844-35-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-20-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-69-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1567-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2239-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2844-27-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2516-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-79-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2669-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2843-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-53-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-54-0x0000000001FC0000-0x0000000002314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3516-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2844-94-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-107-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-101-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4030-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-68-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-8-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4032-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2952-86-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2952-30-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2968-975-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2968-46-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2968-4040-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4031-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-78-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-14-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download